US critical infrastructure firms should reinforce their defenses and increase their vigilance following data-destroying cyberattacks in Ukraine prior to a large-scale Russian attack on the country, the FBI and US Cybersecurity and Infrastructure Security Agency said Saturday.
“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the US agencies said in a public advisory. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”
The advisory includes several technical recommendations for organizations to keep malicious software from spreading on their systems.
US officials continue to say there are “no specific, credible” threats to the US homeland tied to tensions with Russia over Ukraine, but Saturday’s advisory is the latest warning from officials that what happens in cyberspace in Ukraine may not stay there.
Just hours before Russian forces began to attack Ukraine early Thursday, cybersecurity researchers said they had found a data-wiping hacking tool on hundreds of computers belonging to the Ukrainian government and financial organizations. The malicious code is designed to delete data from computers and render them inoperable — which has the potential to hobble organizations trying to stay online during a war.
Jean-Ian Boutin, head of threat research at anti-virus firm ESET, which responded to some of the destructive hacks, told CNN that he assumed that the malware was successfully deployed and the “affected machines were wiped.”
Two Ukrainian government contractors — one with a presence in Latvia and another with a presence in Lithuania (both NATO members) — were hit with the malware, according to Broadcom’s cybersecurity unit Symantec. While the hack was targeted at Ukrainian assets, the potential for collateral damage in cyberspace during the war in Ukraine has been high on Western officials’ minds.
It’s unclear who was responsible for deploying the destructive malware. It was the second such destructive hack in as many months. A similar piece of malicious code appeared on the systems of some Ukrainian government agencies and nonprofit and technology organizations in January.
The White House has blamed Russia’s GRU military intelligence agency for a separate cyberattack on Ukrainian government websites on February 15 that temporarily knocked the websites offline. Russia has denied the allegation.
In a statement Saturday, CISA Director Jen Easterly said her agency has been working “with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.”