Russian hackers are assailing computers across Ukraine to infect them with malware in the build-up to a massive, co-ordinated attack, the country's head of cyber policing has said.
The hackers are creating so-called back doors in machines belonging to banks, energy companies and other firms, according to Serhiy Demedyuk, who suggested the cadre was preparing to activate its malware in one sweep.
Ukrainian police are working with foreign authorities to identify the group, Mr Demedyuk said.
Law enforcement and corporate security teams around the world pay close attention to cyber threats in Ukraine, where some of the most destructive hacks in history have originated.
A virus dubbed “NotPetya” hit the country in June 2017, taking down government agencies and businesses before spreading to corporate networks around the globe, causing companies billions of pounds in losses.
“The fact that the Ukraine government has decided to go public with this shows that they are scared that this could have a big impact and want people to be aware,” said Jaime Blasco, chief scientist from cybersecurity firm AlienVault.
It is hard to contain the impact of a cyberattack within one nation, meaning the new threat could spread around the globe, he added.
Since the start of the year, Ukraine police have identified viruses in phishing emails sent from legitimate domains of state institutions whose systems were hacked and fake webpages mimicking those of a real state body.
Hackers have sought to evade detection by breaking malware into separate files, which are put onto targeted networks before being activated, Mr Demedyuk said.
“Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest that this is all being done for a specific day,” he added.
Kiev has accused Russia of orchestrating large-scale cyberattacks as part of a “hybrid war” against Ukraine, which Moscow repeatedly denies, in the wake of Russia’s annexation of Crimea in 2014.
Some attacks have coincided with major Ukrainian holidays. Mr Demedyuk said another strike could be launched on Thursday – Constitution Day - or on Independence Day in August.
The US and Britain joined Ukraine in blaming Russia for the NotPetya campaign in 2017. It took a costly toll on quarterly results of major global corporations including Cadbury chocolate maker Mondelez International and freight logistics company FedEx.
Representatives of the FBI could not be reached for comment.
The scale of the current campaign is the same as NotPetya, according to Mr Demedyuk.
“This is support on a government level – very expensive and very synchronised. Without the help of government bodies, it would not be possible. We’re talking now about the Russian Federation,” he said.
“Everything we’re seeing, everything we’ve intercepted in this period: 99 percent of the traces come from Russia.”
The Kremlin did not respond to a request for comment.
Ukraine is better prepared to withstand such attacks thanks to cooperation with foreign allies including the US, Britain and Nato, Demedyuk said.
Still, there are some Ukrainian companies that have not cleaned their computers after NotPetya struck, which means they are still infected by that virus and vulnerable to being used for another attack.
“We are sounding the alarm to remind people – come to your senses, check your equipment,” he said.
News of the potential hack comes as Boris Johnson is due to confirm £35m of UK support for Ukraine in an effort to counter the influence of Russia.
The foreign secretary will join international counterparts at a summit in Copenhagen aimed at bolstering support for Kiev.
The money includes help for projects to support Ukrainian defence reform, promote peace-building and eliminate corruption, the Foreign Office said.
The package also includes £5m this year to help counter disinformation by Vladimir Putin's Kremlin.
Work already being carried out by the UK includes support to Ukraine’s public broadcaster, a project to help Ukrainian schools build resilience against disinformation, and funding for an NGO network across Europe to debunk fake media stories.
Mr Johnson said: “With Russia continuing its efforts to destabilise Ukraine, and the occupation of Crimea ongoing, Britain must help to lead the way on ensuring Ukraine has a bright, stable and prosperous future.
“That’s why we continue to provide support, which will help Ukraine to build on the progress it has made since 2014 and on key reforms since the inaugural London Reform Conference last year.
“We do all this because it is essential for Ukraine’s future security and prosperity, and because it is essential for upholding our European values, our security and our prosperity.”
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies