Ukraine said on Sunday it had “evidence” that Russia was behind a massive cyberattack that knocked out key government websites this past week, while Microsoft warned the hack could be far worse than first thought.
Tensions are at an all-time high between Ukraine and Russia, which Kyiv accuses of having amassed troops on its border ahead of a possible invasion. Some analysts fear the cyberattack could be the prelude to a military attack.
On Friday, Washington also accused Russia of sending saboteurs trained in explosives to stage an incident that could be the pretext to invade its pro-Western neighbour .
“All the evidence points to Russia being behind the cyberattack,” the Ukrainian Digital Transformation Ministry said in a statement. “Moscow is continuing to wage a hybrid war.”
The ministry urged Ukrainians not to panic, saying their personal information was protected.
The purpose of the attack, it added, “is not only to intimidate society. But to also destabilise the situation in Ukraine, halting the work of the public sector and crushing Ukrainians’ trust in the authorities”.
The Kremlin earlier rejected the claims and said there was no evidence Russia was behind the attack.
“We have nothing to do with it. Russia has nothing to do with these cyberattacks,” President Vladimir Putin’s spokesman, Dmitry Peskov, told CNN .
“Ukrainians are blaming everything on Russia, even their bad weather in their country,” he said in English.
Kyiv said late on Friday it had uncovered preliminary clues that Russian security services could have been behind the cyberattack .
Ukraine’s SBU security service said the attacks in the early hours of Friday had targeted a total of 70 government websites.
The website of the Foreign Ministry for a time displayed a message in Ukrainian, Russian and Polish that said “be afraid and expect the worst.”
Within hours of the breach, the security service said access to most affected sites had been restored and that the fallout was minimal.
But Microsoft warned Sunday that the cyberattack could prove destructive and affect more organisations than initially feared.
The U.S. software giant said it continued to analyse the malware and warned it could render government digital infrastructure inoperable.
“The malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” Microsoft said in a blog post.
Microsoft said it had not so far identified a culprit but warned that the number of affected organisations could prove larger than initially thought.
“Our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” it said.
“These systems span multiple government, non-profit, and information technology organisations, all based in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organisations may exist in Ukraine or other geographic locations.”