A newly discovered, destructive piece of software found
circulating in Ukraine hit hundreds of computers, according to researchers at
the cybersecurity firm Eset.
That was just a part of what Ukrainian officials said was an
intensifying wave of hacks aimed at the country’s tech infrastructure in the
lead up to Russia’s invasion on Thursday morning.
In a series of tweets, cybersecurity firm Eset said the data
wiping program had been "installed on hundreds of machines in the
country". The attack, it said, had likely been in the works for the past
couple of months.
Cybersecurity experts are racing to pick apart the malicious
program. Researchers found it appeared to have been digitally signed with a
certificate issued to an obscure, year-old Cypriot company called Hermetica
Digital, which doesn’t appear to have a website.
Because operating systems use code-signing as an initial
check on software, such a certificate might have been designed to help the
rogue program dodge antivirus protections.
Getting such a certificate under false pretences – or
stealing it – isn't impossible, but it's generally the sign of a sophisticated
and targeted operator, said Brian Kime, a Vice President at US cybersecurity
firm ZeroFox.
Who is responsible for the wiper is unclear, although
suspicion immediately fell on Russia, which has repeatedly been accused of
launching data-scrambling hacks against Ukraine and other countries. Russia has
denied the allegations.
Ukraine has been repeatedly hit by hackers in the past few
weeks as Russia massed troops around its borders. Earlier on Wednesday the
websites of Ukraine's government, foreign ministry and state security service
were down in what the government said was the start of another denial of
service (DDoS) attack.
Twitter said it had mistakenly suspended around a dozen accounts that were
posting about Russian military movements, and said the action was not due to a
coordinated bot campaign or mass reporting of the accounts by other users.
"We've been proactively monitoring for emerging narratives that are
violation of our policies, and, in this instance, we took enforcement action on
a number of accounts in error," a Twitter spokesperson said in a
statement. "We're expeditiously reviewing these actions and have already
proactively reinstated access to a number of affected accounts."
Bitcoin slumped to its lowest in a month on Thursday after Russian
forces fired missiles at several cities in Ukraine and landed troops on its
coast, sparking a sell-off of riskier assets. The world’s most popular
cryptocurrency fell by as much as 7.9% to US$34,324, its lowest since January 24
this year. Smaller coins that typically move in tandem with bitcoin also fell,
losing as much as 10.8%.