Ukrainian Government Websites Forced Offline in “Massive” Cyber-Attack

The attack, which also targeted the UK, US and Swedish embassies in Ukraine, is suspected to have been perpetrated by Russian threat actors amid significant tensions between the two nations.

Ukraine has been hit by a “massive” cyber-attack, forcing more than a dozen government websites offline, it has been reported today.

This attack comes just a day after we were able to report that Ukrainian authorities made a number of arrests including that of an alleged ransomware ringleader.

The websites taken offline include the Ukrainian ministry of foreign affairs and the education ministry. Before going down, a sinister message appeared stating: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”

The message also reproduced the Ukrainian flag and map crossed out and referenced “historical land.” This appeared in three languages: Ukrainian, Russian and Polish.

The Guardian quoted the Ukrainian foreign ministry’s spokesperson, Oleg Nikolenko, who said: “As a result of a massive cyber-attack, the website of the ministry of foreign affairs and other government agencies are temporarily down.

“Our specialists have already started restoring the work of IT systems, and the cyber-police has opened an investigation.”

Ukraine’s SBU security service said that no personal data was leaked in the attack.

The incident has come amid heightened tensions in the region, with the Kremlin demanding assurances that Ukraine will not join Nato. Russia has deployed 100,000 troops to the border with Ukraine.

The EU’s top diplomat, Josep Borrell, condemned the attacks, stating: “We are going to mobilize all our resources to help Ukraine to tackle this. Sadly, we knew it could happen.”

He added: “I can’t blame anybody as I have no proof. But we can imagine.”

Commenting on the story, Anthony Gilbert, cyber threat intelligence lead at Bridewell Consulting, said: “At the moment it’s unclear how the attack occurred or who is behind it, but given the current situation, it’s highly likely it was politically charged as there appears to be no financial motivation. The attackers probably wanted to give a warning or ignite civil unrest and spread further undercurrents of no confidence in the government.”

Toby Lewis, global head of threat analysis at Darktrace, said it was too early to jump to conclusions about the nature of the attack and its perpetrators. “We should be cautious around labelling this as a ‘sophisticated’ attack. Some cyber-attacks are more successful than others; some are advanced and others less so. A distributed denial of service (DDoS) attack, for example, which is an attempt to bring down websites or networks by overwhelming the webserver with internet traffic, is not particularly sophisticated and relatively easy to mitigate.

“Some of the website defacements, such as those left on the education website and the ministry of foreign affairs, are designed to mimic ‘nationalist/separatist groups’ with claims that the attack was done in the name of the UPA (Ukrainian Separatist Army), which has not existed for over 50 years. Attribution is impossible to do with digital data alone, and it is not unlikely that this is a false flag to divert attention away from the true perpetrators, to stir up unrest or simply impact the credibility of the website owners.”

Russia has previously been blamed for cyber-attacks on Ukraine in recent years. These include attacks in 2015 and 2016 that took out large parts of the country’s power grids.

Return to Cybersecurity News