On January 18, 2022, Avertium CTI published a flash notice detailing Microsoft’s discovery of destructive malware (DEV-0586) being used to corrupt the systems of several organizations in Ukraine.
When: Microsoft’s initial discovery of the ransomware-like malware was made on January 13, 2022.
What: According to Microsoft, the malware was designed to look like ransomware but lacks a ransom recovery mechanism. A few days prior to this incident, over 70 Ukrainian government websites were defaced by groups that are allegedly associated with the Russian secret service. At the time, Microsoft stated that they had yet to find any notable links between the new malware, now named WhisperGate, and the website attacks.
How: The malware is a wiper and impacted the Ukrainian Foreign Ministry, the Ministry of Education and Science, and other state services. Now, the defacement and compromise of the sites (at least two government systems) comes at a time when there is a growing threat of invasion by Russia into Ukraine. Russia denies defacing the sites, but the Ukrainian Digital Transformation Ministry stated that all evidence points to Russia. They believe that “Moscow is continuing to wage hybrid warfare”(Міністерства).
Let’s take a look at WhisperGate, why it’s become a major concern for the Ukrainian government, and how these cyberattacks could spill over into the U.S.
