Microsoft Warns of Destructive Malware Campaign Targeting Ukraine

Microsoft has detected a major malware wiper campaign targeting government, IT and non-profit organizations across Ukraine.

Dubbed “WhisperGate,” the attacks were first spotted on January 13, at around the same time that over a dozen government websites were forced offline in what was described as a “massive” cyber-attack.

Although Microsoft said it had not noticed any links between the destructive malware campaign, tracked as DEV-0586, and previous known activity groups, it comes at a time of heightened tensions with Russia, which is once again threatening Ukraine with invasion.

The malware, “which is designed to look like ransomware but lacking a ransom recovery mechanism,” has been found on “dozens” of systems, although it may have spread far wider, Microsoft warned.

“The two-stage malware overwrites the Master Boot Record (MBR) on victim systems with a ransom note (Stage 1). The MBR is the part of a hard drive that tells the computer how to load its operating system. The ransom note contains a Bitcoin wallet and Tox ID (a unique account identifier used in the Tox encrypted messaging protocol) that have not been previously observed by the Microsoft Threat Intelligence Center (MSTIC),” the blog post noted.
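A defender can triage a saved copy of a disk's first sector for the Stage 1 pattern described above. The Python sketch below is an added example, not code from Microsoft's report or from this article; the 64-byte text-run threshold, the keyword list and the sample sectors are assumptions constructed for illustration.

```python
import re
import struct

BOOT_CODE_LEN = 446   # bootstrap code area that precedes the partition table
MAX_TEXT_RUN = 64     # assumed threshold: stock boot code holds only short error strings
NOTE_WORDS = (b"bitcoin", b"wallet", b"tox id")  # assumed keywords, from the report's description

def parse_partitions(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    entries = []
    for i in range(4):
        raw = sector[BOOT_CODE_LEN + 16 * i:BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # partition type 0x00 marks an unused slot
            entries.append({"slot": i, "bootable": raw[0] == 0x80,
                            "type": raw[4], "lba_start": lba_start, "sectors": count})
    return entries

def inspect_mbr(sector):
    """Return findings for one 512-byte image of sector 0 (empty list = nothing flagged)."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if not parse_partitions(sector):
        findings.append("partition table is empty")
    runs = re.findall(rb"[\x20-\x7e\r\n]{8,}", sector[:BOOT_CODE_LEN])
    longest = max((len(r) for r in runs), default=0)
    if longest > MAX_TEXT_RUN:
        findings.append(f"{longest}-byte text run in boot code")
    text = b" ".join(runs).lower()
    hits = [w.decode() for w in NOTE_WORDS if w in text]
    if hits:
        findings.append("note-like keywords: " + ", ".join(hits))
    return findings

def build_sector(boot, partition=b""):
    """Assemble a constructed sector: boot bytes, partition table, signature."""
    return boot.ljust(BOOT_CODE_LEN, b"\x00") + partition.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed samples, not captured from any real system.
STOCK_BOOT = b"\xfa\x90" * 60 + b"Invalid partition table\x00Missing operating system\x00"
NTFS_PART = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1000000)
NOTE = (b"CONSTRUCTED SAMPLE NOTE: drive corrupted. Pay to bitcoin wallet "
        b"<placeholder>, then contact tox id <placeholder>.")
CLEAN = build_sector(STOCK_BOOT, NTFS_PART)
OVERWRITTEN = build_sector(NOTE)
```

Calling `inspect_mbr(CLEAN)` returns no findings, while `inspect_mbr(OVERWRITTEN)` reports the empty partition table, the long text run and the keyword hits. GPT disks keep a protective MBR with one type 0xEE entry, so the empty-table finding still applies to them.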

“The malware

Read More: https://www.infosecurity-magazine.com/news/microsoft-destructive-malware/