{
	"id": "ab06fb5b-9da5-4c33-b693-f60cdad088c8",
	"created_at": "2026-04-06T00:11:19.529387Z",
	"updated_at": "2026-04-10T13:12:55.334426Z",
	"deleted_at": null,
	"sha1_hash": "fd0f29d9d703ca3748f00b088bb7e1516f634102",
	"title": "Malware attacks targeting Ukraine government - Microsoft On the Issues",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 518883,
	"plain_text": "Malware attacks targeting Ukraine government - Microsoft On the\r\nIssues\r\nBy Tom Burt\r\nPublished: 2022-01-16 · Archived: 2026-04-05 20:21:17 UTC\r\nToday, we’re sharing that we’ve observed destructive malware in systems belonging to several Ukrainian\r\ngovernment agencies and organizations that work closely with the Ukrainian government. The malware is\r\ndisguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.\r\nWe’re sharing this information to help others in the cybersecurity community look out for and defend against\r\nthese attacks.\r\nAt this time, we have not identified notable overlap between the unique characteristics of the group behind these\r\nattacks and groups we’ve traditionally tracked but we continue to analyze the activity.\r\nThe organizations affected by this malware include government agencies that provide critical executive branch or\r\nemergency response functions and an IT firm that manages websites for public and private sector clients,\r\nincluding government agencies whose websites were recently defaced.\r\nhttps://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/\r\nPage 1 of 2\n\nThe Microsoft Threat Intelligence Center (MSTIC) has published a technical blog post detailing Microsoft’s\r\nongoing investigation and how the security community can detect and defend against this malware. We have also\r\nnotified each of the impacted organizations we have identified so far, partnered with other cybersecurity providers\r\nto share what we know, and notified appropriate government agencies in the United States and elsewhere. It is\r\npossible more organizations have been infected with this malware and the number of impacted organizations could\r\ngrow. We will continue to work with the cybersecurity community to identify and assist targets and victims.\r\nWe first detected this malware on January 13 2022. We have already built and deployed protections for this\r\nmalware into Microsoft 365 Defender Endpoint Detection (EDR) and Anti-virus (AV) protections wherever these\r\nproducts are deployed, both on-premises and in the cloud. We see no indication so far that these attacks utilize any\r\nvulnerability in Microsoft products and services.\r\nTags: cyberattacks, cybercrime, cybersecurity, malware, Microsoft Threat Intelligence Center, MSTIC\r\nSource: https://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/\r\nhttps://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/"
	],
	"report_names": [
		"mstic-malware-cyberattacks-ukraine-government"
	],
	"threat_actors": [],
	"ts_created_at": 1775434279,
	"ts_updated_at": 1775826775,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fd0f29d9d703ca3748f00b088bb7e1516f634102.pdf",
		"text": "https://archive.orkl.eu/fd0f29d9d703ca3748f00b088bb7e1516f634102.txt",
		"img": "https://archive.orkl.eu/fd0f29d9d703ca3748f00b088bb7e1516f634102.jpg"
	}
}