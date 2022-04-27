The cybersecurity company Trellix says pro-Russia hackers had infiltrated the networks of numerous Ukrainian government agencies long before Russia’s ground invasion started in late February. In fact, hackers had planted malicious code in the networks even before Russian troops began assembling at the Ukrainian border in 2021.

These findings were part of a broader report on the global cyberthreat environment from San Jose, California-based Trellix, which was created last year via a merger between cybersecurity firms FireEye and McAfee Enterprise. The firm bases its findings on an analysis of data collected from organizations using McAfee Enterprise software.

The Trellix analysts found evidence of “wiper” malware that was later activated remotely to delete all content on the hard drives of Ukrainian government computers. The malware matched the signature of malware used in the past by actors known to be associated with the Russian government, says Christiaan Beek, lead scientist and principal engineer at Trellix’s Threat Labs division. The malware also originated from the same time zone as Moscow’s, Beek says, adding that some instances of the malware may have come from others acting on Russia’s behalf.

In any case, the malware had been there a while. “Somebody had longtime access,” Beek tells Fast Company. “They set up multiple entry points to target systems. They do every trick out of the book.”