Ukrainian officials believe a hacker group linked to Belarusian intelligence was behind Friday's attacks targeting government websites.
"We believe preliminarily that the group UNC1151 may be involved in this attack," Serhiy Demedyuk, deputy secretary of the national security and defense council, told Reuters.
Researchers at Mandiant recently named UNC1151 as the group behind several information operation campaigns targeting Ukraine, Lithuania, Latvia, Poland, and Germany.
Researchers claim that technical information placed the operation's headquarters in the Belarusian capital, Minsk, and pointed to links with the Belarusian military. The Eastern European country is a staunch ally of Russia.
"This is a cyber-espionage group affiliated with the special services of the Republic of Belarus," Demedyuk told Reuters.
Ukrainian state officials claim that the attack was a cover for more destructive actions behind the scenes that will have consequences in the near future.
"The group specializes in cyber espionage, which is associated with the Russian special services and which, for its attacks, resorts to recruiting or undercover work of its insiders in the right company," Demedyuk said.
On Saturday, Microsoft released a blog entry claiming the company's security teams identified destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government.
"Microsoft Threat Intelligence Center (MSTIC) assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom," reads the report.
Among the key differences between ransomware attacks and the one observed against Ukrainian targets is that the malware does not have any mechanism for data recovery.
MSTIC found that the malware in question resides in working directories and is often named stage1.exe. The malware executes via Impacket, a tool often used by threat actors for lateral movement.
Researchers also found that an IT company whose clients include the Ukrainian government was affected by the malware.