
Thursday 24 February 2022

Data wiping malware hits Ukraine computers

A newly discovered, destructive piece of software found circulating in Ukraine hit hundreds of computers, according to researchers at the cybersecurity firm Eset. 

That was just a part of what Ukrainian officials said was an intensifying wave of hacks aimed at the country’s tech infrastructure in the lead-up to Russia’s invasion on Thursday morning.

In a series of tweets, cybersecurity firm Eset said the data wiping program had been "installed on hundreds of machines in the country". The attack, it said, had likely been in the works for the past couple of months.

Cybersecurity experts are racing to pick apart the malicious program. Researchers found it appeared to have been digitally signed with a certificate issued to an obscure, year-old Cypriot company called Hermetica Digital, which doesn’t appear to have a website.

Because operating systems use code-signing as an initial check on software, such a certificate might have been designed to help the rogue program dodge antivirus protections.

Getting such a certificate under false pretences – or stealing it – isn't impossible, but it's generally the sign of a sophisticated and targeted operator, said Brian Kime, a Vice President at US cybersecurity firm ZeroFox.

Who is responsible for the wiper is unclear, although suspicion immediately fell on Russia, which has repeatedly been accused of launching data-scrambling hacks against Ukraine and other countries. Russia has denied the allegations.

Ukraine has been repeatedly hit by hackers in the past few weeks as Russia massed troops around its borders. Earlier on Wednesday, the websites of Ukraine's government, foreign ministry and state security service were down in what the government said was the start of another distributed denial of service (DDoS) attack.

Twitter said it had mistakenly suspended around a dozen accounts that were posting about Russian military movements, and said the action was not due to a coordinated bot campaign or mass reporting of the accounts by other users.

"We've been proactively monitoring for emerging narratives that are in violation of our policies, and, in this instance, we took enforcement action on a number of accounts in error," a Twitter spokesperson said in a statement. "We're expeditiously reviewing these actions and have already proactively reinstated access to a number of affected accounts."

Bitcoin slumped to its lowest in a month on Thursday after Russian forces fired missiles at several cities in Ukraine and landed troops on its coast, sparking a sell-off of riskier assets. The world’s most popular cryptocurrency fell by as much as 7.9% to US$34,324, its lowest since January 24 this year. Smaller coins that typically move in tandem with bitcoin also fell, losing as much as 10.8%.