US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn

“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the US agencies said in a public advisory. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”

Jean-Ian Boutin, head of threat research at anti-virus firm ESET, which responded to some of the destructive hacks, told CNN that he assumed that the malware was successfully deployed and the “affected machines were wiped.”

Two Ukrainian government contractors — one with a presence in Latvia and another with a presence in Lithuania (both NATO members) — were hit with the malware, according to Broadcom’s cybersecurity unit Symantec. While the hack was targeted at Ukrainian assets, the potential for collateral damage in cyberspace during the war in Ukraine has been high on Western officials’ minds.

It’s unclear who was responsible for deploying the destructive malware. It was the second such destructive hack in as many months. A similar piece of malicious code appeared on the systems of some Ukrainian government agencies and nonprofit and technology organizations in January.

The White House has blamed Russia’s GRU military intelligence agency for a separate cyberattack on Ukrainian government websites on February 15 that temporarily knocked the websites offline. Russia has denied the allegation.

In a statement Saturday, CISA Director Jen Easterly said her agency has been working “with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.”