Ukraine's computer networks have been compromised by new malicious malware capable of wiping data from hacked workstations, according to two cybersecurity providers with a strong presence in the region.
Researchers from cybersecurity firms ESET and Broadcom Software's Symantec announced Wednesday the discovery of so-called data wiper malware.
The discovery came as U.S. officials predicted Russia's imminent invasion of its neighbor. Wiper malware has been identified attacking Ukrainian computer systems for the second time in as many months.
Wiper malware, which is frequently used by nation-state entities, typically possesses very pernicious hacking capabilities and the ability to act autonomously against a compromised system.
Ukraine's government officials accused a series of denial-of-service assaults Wednesday on hacking groups directed by the Russian government.
According to Reuters, Vikram Thakur of cybersecurity firm Symantec, which is also investigating the attacks, viruses had spread widely.
"There is activity in Ukraine and Latvia," Thakur explained. Lithuania was later added, according to a Symantec spokeswoman.
The wiper's author is unknown, but suspicion immediately fell on Russia, which has been accused of frequently executing data-scrambling hacks against Ukraine and other countries. Russia has vehemently refuted the accusations.
Cybersecurity specialists are scrambling to dissect the dangerous malware, a copy of which was submitted to Alphabet-owned crowdsourced cybersecurity website VirusTotal, in order to determine its capabilities.
The researchers discovered that the erasing program appeared to have been digitally signed by an obscure Cypriot business called Hermetica Digital Ltd.
Because operating systems do an initial check on software via code signing, such a certificate could have been created to assist the rogue application in evading anti-virus defenses.
While obtaining such a certificate under false pretenses - or stealing it - is not impossible, it is often indicative of a "skilled and targeted" operator, according to Brian Kime, a vice president at the U.S.-based cybersecurity firm ZeroFox.
Hermetica's contact information - which was established in the Cypriot city of Nicosia over a year ago - was not immediately available. There does not appear to be a website for the business.
Earlier on Wednesday, the government, foreign ministry, and state security service websites were all unavailable due to what the administration described as the beginnings of another distributed denial of service (DDoS) attack.
Meanwhile, as this developed, ABC News has reported that explosions were heard in Ukraine's capital city of Kyiv.
According to multiple news reports, the Russian invasion has begun.
