Future cyberattacks on Ukraine may seek to destabilise the country, disrupt information flow, or undermine the population’s will to fight. Several noteworthy cyberattacks have already occurred in Ukraine.

 

Summary:

  • On January 15th 2022, Microsoft released information about destructive malware, called WhisperGate, that had hit several Ukraine-based government, nonprofit and IT organisations. Hackers had also targeted Canada’s diplomatic and external affairs agency.
  • The malware has similarities with the 2017 malware NotPetya, which was also destructive malware disguised as ransomware.
  • Accenture identified three state-sponsored hacker groups that are most active in Ukraine: Sandfish (responsible for the NotPetya attacks), Winterflounder (targeted the Ukrainian government), and Walleye (targeting intelligence missions against state institutions).
  • How can companies mitigate the cyber threat stemming from geopolitical tensions?
  • Current guidance and commentary suggest that companies should be more alert to anomalies in their networks. Beyond that, Accenture suggests a few high-priority tactical mitigations:
    • Patching externally-facing infrastructure
    • Auditing domain controllers for specific logging requests
    • Having an incident response retainer in place
    • Treating malware detections with high priority
    • Testing and conducting backup procedures
  • In addition, the article provides strategic mitigations, such as monitoring administrator accounts or segmenting IT and OT networks.

 

Why does this matter for businesses?

 

  • Although these threat actors mainly target organisations in Ukraine, spillover from the attacks could affect organisations outside of the initial target sets.
  • Companies are encouraged to operate on high alert. State-sponsored cyberattacks will likely be visible in private companies first.

 
