While the Russian military might be poised to invade Ukraine, hackers in the region are also creating chaos in cyberspace — and the consequences could be far-ranging.

Transcript

MARY LOUISE KELLY, HOST:

All right. Let's turn to tensions which are running higher than ever after talks last week between the U.S., NATO and Russian officials failed to reach any consensus. We don't know whether the Russian military is about to invade Ukraine. We do know hackers in the region are already creating chaos in cyberspace.

NPR's cybersecurity correspondent Jenna McLaughlin joins us with more. Hey there.

JENNA MCLAUGHLIN, BYLINE: Hey, Mary Louise. Thanks.

KELLY: What do we need to know about cyberattacks underway right now?

MCLAUGHLIN: Sure. So there's a lot going on. The first news we heard happened late last week. About 70 Ukrainian government websites were defaced. Hackers posted scary messages in Ukrainian, Russian and sloppy Polish. They said be afraid and expect worse.

It looked like a major attack, but it actually only impacted one content management system for all those websites. It was a fairly unsophisticated information operation, and cybersecurity researchers linked it to a hacking group with ties to Belarus and the Russian military.

KELLY: And that's not all the news. Keep going.

MCLAUGHLIN: Yes, of course. I mean, late Saturday, Microsoft also discovered evidence of potentially destructive malware that was hiding on devices belonging to several Ukrainian companies and agencies. The hackers disguised it to look like ransomware, but if it's activated, it actually wipes out data and renders devices inoperable. You can't get that data back.

As of now, we know of only a couple dozen individual computers in Ukraine that were wiped, but Ukrainian authorities are also saying that they detected bad guys scanning for vulnerabilities in the energy sector. Something like that's potentially more concerning.

KELLY: All right. So the million-dollar question, Jenna - is this Russia?

MCLAUGHLIN: So Ukrainian officials have been really quick to link both attacks to Russia. They're calling it Operation Bleeding Bear. Researchers around the world are studying the code right now.

I spoke to John Hultquist, who's the vice president of threat intelligence at cybersecurity firm Mandiant. He spent years tracking Russian cyberattacks in Ukraine, and this behavior follows a pattern from almost the last decade. Russia's well-known for disinformation operations as well as more destructive attacks, like when Russia attacked Ukraine's power grid in 2015.

KELLY: Yeah.

MCLAUGHLIN: Here's how John described the malware Microsoft uncovered, which they're calling WhisperGate.

JOHN HULTQUIST: This is actually an M.O. that we have seen from Russian military intelligence on several occasions. It's happened so many times, in fact, that we have been warning our customers to look out for fake ransomware attacks that are actually wipers from Russian military intelligence.

MCLAUGHLIN: Hultquist says the fake ransomware aspect gives Putin's hackers another way to sort of disguise what they're doing, though at this point it's pretty thinly veiled.

KELLY: Yeah, and how serious is all of this in the grand scheme of things? It sounds like things could get worse.

MCLAUGHLIN: Absolutely. We're all obviously really concerned for a hot war, but cyberattacks could hit critical infrastructure in Ukraine. There's a lot of vulnerable, pirated software out there on Ukrainian systems. Plus, experts I spoke to said cyberattacks could actually spill out and cause damage outside of Ukraine.

The most costly cyberattack in history, which was called NotPetya, was also this similar kind of malware that was disguised as ransomware that infected not only Ukrainian devices, but companies around the world in 2017. It spread on its own, and it ended up costing organizations around the world over a billion dollars. The U.S. government is actually already warning organizations to be wary of digital traffic coming from Ukrainian organizations. But, you know, it's still unclear how this could all play out.

KELLY: NPR cybersecurity correspondent Jenna McLaughlin. Thank you, Jenna.

MCLAUGHLIN: Thanks, Mary Louise.

(SOUNDBITE OF MUSIC)

Transcript provided by NPR, Copyright NPR.