Microsoft Corp said in a blog post on Saturday it observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government.
The victims of the malware include Ukrainian government agencies that provide critical executive branch or emergency response functions, Microsoft said.
Also affected was an information technology firm that manages websites for public and private sector clients, including government agencies whose websites were recently defaced. Microsoft did not identify the IT firm involved.
The U.S. software giant, which first detected the malware on Thursday, said the malware attacks did not make use of any vulnerability in Microsoft products and services.
A massive cyberattack splashed on government websites on Thursday night, warning Ukrainians to "be afraid and expect the worst" hit, leaving some websites inaccessible on Friday morning and prompting Ukraine to open an investigation.
Reuters reported on Saturday that Ukraine had suspected a hacker group linked to Belarus intelligence carried out a cyberattack, and that it used malware similar to that used by a group tied to Russian intelligence, according to a senior Ukrainian security official.
The malware, which is disguised as ransomware, would render the infected computer system inoperable if activated by the attacker, Microsoft said, adding the company will continue to work with the cybersecurity community to identify and assist targets and victims.