Healthcare and Public Health Sector Cybersecurity Notification: Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

Mary Madison, RN, RAC-CT, CDP
Clinical Consultant – Briggs Healthcare

January 16, 2022

Microsoft Security Blog

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. Specifically, Microsoft identified intrusion activity originating from Ukraine that appeared to be possible Master Boot Records (MBR) Wiper activity. During Microsoft’s investigation, it found a unique malware capability being used in intrusion attacks against multiple victim organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022.

Given the scale of the observed intrusions, MSTIC is not able to assess intent of the identified destructive actions but does believe these actions represent an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine. Microsoft strongly encourages all organizations to immediately conduct a thorough investigation and to implement defenses using the information provided in the blog.

Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in the post to proactively protect from any malicious activity.

MSTIC will update the blog as additional information becomes available. Please review the full Microsoft Security Blog at

Additional Resources
US-CERT Announcement    

If you have comments or questions, send an email to . The CIP team will work to answer your inquiries or connect you to the proper entity.