The websites of the Cabinet of Ministers of Ukraine and those of the Ministries of Foreign Affairs, Infrastructure, Education and others were experiencing disruptions.
In a separate and potentially more serious hacking incident hours earlier, a data-erasing tool was found on hundreds of computers in Ukraine, cybersecurity researchers say, raising fears that a destructive cyberattack is on the way. takes place amid Russia’s military escalation.
“We are aware that several commercial and government organizations in Ukraine are impacted by the destructive malware today,” Charles Carmakal, senior vice president and chief technology officer at cybersecurity firm Mandiant, told CNN.
The early Thursday website disruptions in Ukraine followed news on Wednesday afternoon of a cyberattack that temporarily took the websites of Ukraine’s parliament, security service and cabinet of ministers offline.
It was not immediately clear who was responsible for the destructive hacking incidents or website disruptions early Thursday morning. The Ukrainian government did not immediately respond to CNN’s request for comment.
But taken together, the incidents represented an apparent escalation in cyberattacks on Ukrainian infrastructure as the United States and its allies warned of an imminent Russian invasion and imposed sanctions on Russian banks and elites.
Ukraine’s State Service of Special Communications and Information Protection said cyberattacks on websites reported earlier on Wednesday were “a continuation” of cyberattacks that hit Ukrainian government websites on Wednesday. February 15. The White House blamed Russia’s military intelligence agency, the GRU, for the hacks. . The Russian embassy in Washington has denied this accusation.
Of all the incidents, however, the data-wiping tool – known as the “wiper” malware – had the potential to be the most impactful. Wiper malware usually deletes data from computers and renders them unusable.
The hack affected at least one Ukrainian financial institution and one Ukrainian government contractor with a presence in Latvia, Vikram Thakur, technical director of Broadcom’s Symantec cybersecurity unit, told CNN.
The malicious code hit “large organizations” in Ukraine, according to cybersecurity firm ESET, which has several customers in the country. The hacking tool seems to have been created two months ago, but “was only deployed today and we only saw it in Ukraine”, said Jean-Ian Boutin, head of the threat research at ESET.
This headline and story have been updated with additional reports.
CNN Kyiv’s Tim Lister contributed to this report.