A hacking team that Ukraine says is controlled by Russian intelligence has targeted a wide range of organizations in the country, according to cybersecurity research by two U.S. technology companies.
Microsoft said on February 4 that since October 2021 a group called Gamaredon had tried to obtain sensitive information from military, governmental, and nongovernmental organizations in Ukraine.
The report included a screen shot of one such attempt, which showed an e-mail embedded with malicious code disguised as an update from the World Health Organization on the COVID-19 pandemic.
The information from Microsoft came a day after cybersecurity company Palo Alto Networks said that Gamaredon attacked a Western government entity in Ukraine in January. The report did not name the entity, and a company representative declined to comment further, according to Reuters.
Gamaredon is one of the most "active existing advanced persistent threats targeting Ukraine," the Palo Alto report said.
"Given the steps and precision delivery involved in this campaign, it appears this may have been a specific, deliberate attempt" to target a "Western government organization," a Palo Alto Networks spokesperson said in a statement.
The United States and other allies have sent military advisers and cybersecurity experts to Ukraine in recent months to help defend against hackers.
Relations between Western countries and Russia remain on edge due to more than 100,000 troops deployed near the border with Ukraine, prompting fears of war. Although it has denied that it plans an invasion, Russia is demanding sweeping security guarantees, including a promise that NATO never admit Ukraine.
The Ukrainian Security Service (SBU) in November said a team of Russian Federal Security Service (FSB) officers based in Crimea were behind Gamaredon.
Kyiv has previously accused Moscow of orchestrating large cyberattacks as part of a "hybrid war" against Ukraine, but Russia denies this.
The SBU said in March 2021 it had prevented a large-scale cyberattack by Russian hackers targeting classified government data.
A NATO spokesperson did not immediately respond to a request for comment on the reports by Microsoft and Palo Alto Networks, according to Reuters, which also said the Russian Embassy in Washington did not reply to a request for comment about Gamaredon, also known as Primitive Bear.
White House cybersecurity official Anne Neuberger said on February 2 that Russia could use cyberattacks as part of its efforts to destabilize and further invade Ukraine.
"We've been warning for weeks and months, both publicly and privately" of potential attacks, Neuberger said during a visit to her European counterparts.