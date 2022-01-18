Just after talks between Russia and the US on the Ukraine crisis reached a dead end last week, the country was hit by a cyberattack crashing several government websites.

The attackers left a message on the Ukrainian foreign ministry website that read: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message featured a crossed-out map and flag of Ukraine, and made some reference to the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war.

On Sunday, the Ukrainian government blamed Russia for the attack, saying the attack is the latest manifestation of Russia’s ongoing “hybrid war” against Ukraine that began in 2014, when Russia invaded and annexed the Crimean peninsula. Ukraine provided no evidence of this, while Russia denied the claims.

“We are nearly accustomed to the fact that Ukrainians are blaming everything on Russia, even their bad weather," Kremlin spokesman Dmitry Peskov said.

The attack comes as tensions have ratcheted up between the Western bloc and Russia, after the second deployed about 100,000 troops near Ukraine. Moscow has denied it is planning an invasion, but has asked that NATO deny membership to Ukraine and other ex-Soviet countries, citing threats to its security.

It also comes on the heels of a crisis in neighbouring Belarus, where thousands of mostly Middle Eastern migrants and refugees gathered at the border with Poland after flying into Belarus with short-term visas.

While links with Russian hacking groups, or Russia itself, are far from certain, some experts point at similar tactics used in the past.

Among others, John Hultquist, an analyst at US cybersecurity firm Mandiant, pointed out that last week’s defacement of government websites show similarities to “fake ransomware” attacks used by Russian hackers behind several large-scale operations in Ukraine and elsewhere in the past. This means that instead of asking victims for a ransom payment to get their data back, their data will be wiped out instead.

In a blog post on Saturday, Microsoft said it had detected a “destructive malware operation targeting multiple organizations in Ukraine and surrounding region”, which first appeared on January 13 – around the same time government agencies in Ukraine found their websites had been defaced.

The organisations affected, Microsoft said, include key government agencies and an IT firm that manages websites for public and private sector clients – including the government agencies whose websites were recently defaced.