Vole warned that the Malware was sitting waiting to be triggered and bears some resemblance to NotPetya, the widespreading 2017 malware which "American intelligence officials later traced to Russia."
The discovery comes as Russia has created a security crisis ignited in Eastern Europe by surrounding Ukraine on three sides with 100,000 troops and then apparently sending in saboteurs to create a pretext for invasion.
Writing in its Microsoft said at the same time government agencies in Ukraine found that their websites had been defaced investigators who watch over Microsoft's global networks detected the code.
"These systems span multiple government, nonprofit and information technology organisations, all based in Ukraine," Microsoft said.
The code appears to have been deployed around the time that Russian diplomats, after three days of meetings with the United States and NATO over the massing of Russian troops at the Ukrainian border, declared that the talks had essentially hit a dead end.
Microsoft said that it could not yet identify the group behind the intrusion, but that it did not appear to be an attacker that its investigators had seen before. The code, as described by the company's investigators, is meant to look like ransomware — it freezes up all computer functions and data, and demands a payment in return. But there is no infrastructure to accept money, leading investigators to conclude that the goal is to inflict maximum damage, not raise cash.
It is possible that the destructive software has not spread too widely and that Microsoft's disclosure will make it harder for the attack to metastasize. But it is also possible that the attackers will now launch the malware and try to destroy as many computers and networks as possible.
The new attack would wipe hard drives clean and destroy files. Some defense experts have said such an attack could be a prelude to a ground invasion by Russia. Others think it could substitute for an invasion, if the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that US President Joe Biden has vowed to impose in response.
Ukraine's Ministry of Digital Development issued a statement that "All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces." While the Associated Press reported the statement, the Times notes that the ministry provided no evidence, "and early attribution of attacks is frequently wrong or incomplete."