Cyberattack in Ukraine targets government websites
A cyberattack left a number of Ukrainian government websites temporarily unavailable on Friday, officials said.
While it wasn’t immediately clear who was behind the cyberattack, the disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.
Ukrainian Foreign Ministry spokesman Oleg Nikolenko told The Associated Press it was too soon to tell who could have been behind the attack, "but there is a long record of Russian cyber assaults against Ukraine in the past."
Moscow had previously denied involvement in cyberattacks against Ukraine.
The websites of the country’s Cabinet, seven ministries, the Treasury, the National Emergency Service and the state services website, where Ukrainians’ electronic passports and vaccination certificates are stored, were temporarily unavailable Friday as a result of the hack.
The websites contained a message in Ukrainian, Russian and Polish, saying that Ukrainians’ personal data has been leaked into the public domain. "Be afraid and expect the worst. This is for your past, present and future," the message read, in part.
Ukraine’s State Service of Special Communication and Information Protection said that no personal data has been leaked. The country’s minister for digital transformation, Mykhailo Fedorov, said later on Friday that "a large part" of the affected websites have been restored.
Victor Zhora, deputy chair of the State Service of Special Communication, said no critical infrastructure was affected. Zhora told a news conference Friday that about 70 websites of both national and regional government bodies have been affected by the attack.
The hack amounted to a simple defacement of government websites, said Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm. The hackers got into a content management system they all use.
"They didn’t get access to the websites themselves," Derevianko said.
Derevianko said the hacker may have gained access to the hacked content management system long ago so the question to consider is the timing of the defacement and the provocative message.
"It could be just a regular information operation (seeking) to undermine the government’s capability and to create and enhance uncertainty," added Derevianko. It could also possibly be "part of a planned hybrid attack or longer term and more sophisticated cyber operation which is underway but has not culminated."
The main question, said Derevianko, is whether this is a standalone hacktivist action or part of a larger state-backed operation.
Tensions between Ukraine and Russia have been running high in recent months after Moscow amassed an estimated 100,000 troops near Ukraine’s border, stoking fears of an invasion. Moscow says it has no plans to attack and rejects Washington’s demand to pull back its forces, saying it has the right to deploy them wherever necessary.
The Kremlin has demanded security guarantees from the West that NATO deny membership to Ukraine and other former Soviet countries and roll back the alliance’s military deployments in Central and Eastern Europe. Washington and its allies have refused to provide such pledges, but said they are ready for the talks.
High-stakes talks this week between Moscow and the U.S., followed by a meeting of Russia and NATO representatives and a meeting at the Organization for Security and Cooperation in Europe, failed to bring about any immediate progress.
NATO Secretary-General Jens Stoltenberg said Friday that the 30-country military organization will continue to provide "strong political and practical support" to Ukraine in light of the cyber attacks.
"In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform," Stoltenberg said in a statement.
European Union foreign policy chief Josep Borrell said Friday that the 27-nation bloc is ready to mobilize all its resources to provide technical assistance to Ukraine and help it improve its capacity to weather cyberattacks.
Borrell told a a meeting of EU foreign ministers in the French port city of Brest that the bloc would mobilize its cyber rapid response teams. "We are going to mobilize all our resources to help Ukraine cope with these cyberattacks," Borrell said. "Sadly, we expected this could happen."
Asked who could be behind the attack, Borrell said: "I can’t point at anybody because I have no proof, but one can imagine."
Russia has long history of launching aggressive cyber operations against Ukraine, including a hack of its voting system ahead of 2014 national elections and an assault the country’s power grid in 2015 and 2016. In 2017, Russia unleashed one of most damaging cyberattacks on record with the NotPetya virus that targeted Ukrainian businesses and caused more than $10 billion in damage globally.
Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure following state-backed Russian attacks that temporarily disabled parts of Ukraine’s power grid in the winters of 2015 and 2016, and the crippling NotPetya cyberattack.
Zhora has told the AP that officials are particularly concerned about Russian attacks on the power grid, rail network and central bank.
Experts have said recently that the threat of another such cyberattack is significant as it would give Russian President Vladimir Putin the ability to destabilize Ukraine and other former Soviet countries that wish to join NATO without having to commit troops.
"If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect," Tim Conway, a cybersecurity instructor at the SANS Institute, told The Associated Press in an interview last week.
Conway was in Ukraine last month conducting a simulated cyberattack on the country’s energy sector. The U.S. has been investing in improving Ukraine’s cyber defenses for several years through various departments, like the Department of Energy and USAID.
The White House didn’t immediately respond to a request seeking comment.
John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant, said while it’s too soon to say who is behind the defacements, such actions are in the Russian government’s playbook. Russian hackers were blamed for defacing Georgian websites in 2019.