Data wiping malware hits Ukraine computers

A newly discovered, destructive piece of software found circulating in Ukraine hit hundreds of computers, according to researchers at the cybersecurity firm Eset. 

That was just a part of what Ukrainian officials said was an intensifying wave of hacks aimed at the country’s tech infrastructure in the lead up to Russia’s invasion on Thursday morning.

In a series of tweets, cybersecurity firm Eset said the data wiping program had been "installed on hundreds of machines in the country". The attack, it said, had likely been in the works for the past couple of months.

Cybersecurity experts are racing to pick apart the malicious program. Researchers found it appeared to have been digitally signed with a certificate issued to an obscure, year-old Cypriot company called Hermetica Digital, which doesn’t appear to have a website.

Because operating systems use code-signing as an initial check on software, such a certificate might have been designed to help the rogue program dodge antivirus protections.

Getting such a certificate under false pretences – or stealing it – isn't impossible, but it's generally the sign of a sophisticated and targeted operator, said Brian Kime, a Vice President at US cybersecurity firm ZeroFox.

Who is responsible for the wiper is unclear, although suspicion immediately fell on Russia, which has repeatedly been accused of launching data-scrambling hacks against Ukraine and other countries. Russia has denied the allegations.

Ukraine has been repeatedly hit by hackers in the past few weeks as Russia massed troops around its borders. Earlier on Wednesday the websites of Ukraine's government, foreign ministry and state security service were down in what the government said was the start of another denial of service (DDoS) attack.

Twitter said it had mistakenly suspended around a dozen accounts that were posting about Russian military movements, and said the action was not due to a coordinated bot campaign or mass reporting of the accounts by other users.

"We've been proactively monitoring for emerging narratives that are violation of our policies, and, in this instance, we took enforcement action on a number of accounts in error," a Twitter spokesperson said in a statement. "We're expeditiously reviewing these actions and have already proactively reinstated access to a number of affected accounts."

Bitcoin slumped to its lowest in a month on Thursday after Russian forces fired missiles at several cities in Ukraine and landed troops on its coast, sparking a sell-off of riskier assets. The world’s most popular cryptocurrency fell by as much as 7.9% to US$34,324, its lowest since January 24 this year. Smaller coins that typically move in tandem with bitcoin also fell, losing as much as 10.8%.