Ukraine assesses damage after government websites go offline amid cyberattack

KYIV, Ukraine (AP) — A cyberattack left a number of Ukrainian government websites temporarily unavailable on Friday, officials said.

While it was not immediately clear who was behind the cyberattack, the disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.

Ukrainian Foreign Ministry spokesman Oleg Nikolenko told The Associated Press that it was too early to say who might have been behind the attack, “but there is a long list of Russian cyberattacks against Ukraine in the past”.

“They didn’t have access to the websites themselves.”

— Oleh Derevianko, founder of cybersecurity firm ISSP

Moscow had previously denied any involvement in cyberattacks against Ukraine.
The websites of the country’s cabinet, seven ministries, the Treasury, the National Emergency Service and the website of state services, where electronic passports and vaccination certificates of Ukrainians are stored, were temporarily unavailable on Friday as a result of hacking.

The websites contained a message in Ukrainian, Russian and Polish, indicating that Ukrainians’ personal data had been leaked into the public domain. “Be afraid and expect the worst. This is for your past, your present and your future,” the post read in part.

Goods Corner: Tensions between Russia and Ukraine are not fully priced into commodities

The Ukrainian Foreign Ministry said it was too early to determine who was behind the attack.

Press service of the Ministry of Foreign Affairs of Ukraine/PA

The Ukrainian State Service for Special Communication and Information Protection said that no personal data had been leaked. The country’s minister for digital transformation, Mykhailo Fedorov, said later Friday that “a large part” of the affected websites had been restored.

Victor Zhora, vice president of the State Special Communications Service, said no critical infrastructure was affected. Zhora told a press conference on Friday that around 70 websites of national and regional government bodies were affected by the attack.

The hack was tantamount to simply defacing government websites, said Oleh Derevianko, a leading private sector expert and founder of cybersecurity firm ISSP. Hackers broke into a content management system they all use.

“They didn’t get access to the websites themselves,” Derevianko said.

Derevianko said the hacker may have gained access to the hacked content management system a long time ago, so the question to consider is the timing of the degradation and the provocative message.

“It could just be a regular information operation [seeking] to undermine government capacity and to create and increase uncertainty,” Derevianko added. It could also be “part of a planned hybrid attack or a longer-term, more sophisticated cyber operation that is underway but has not been successful.”

The main question, Derevianko said, is whether this is a stand-alone hacktivist action or part of a larger state-backed operation.

Tensions between Ukraine and Russia have risen in recent months after Moscow rounded up around 100,000 troops near the Ukrainian border, stoking fears of an invasion. Moscow says it has no intention of attacking and rejects Washington’s request to withdraw its forces, saying it has the right to deploy them wherever needed.

The Kremlin has demanded security guarantees from the West that NATO refuse membership to Ukraine and other former Soviet countries and cancel the alliance’s military deployments in central and eastern Europe. Washington and its allies declined to provide such promises, but said they were ready for talks.

High-stakes talks this week between Moscow and the United States, followed by a meeting of Russian and NATO representatives and a meeting at the Organization for Security and Cooperation in Europe, will not did not make it possible to move forward immediately.

NATO Secretary General Jens Stoltenberg said Friday that the 30-nation military organization will continue to provide “strong political and practical support” to Ukraine in light of the cyberattacks.

“In the coming days, NATO and Ukraine will sign an agreement on enhanced cybersecurity cooperation, including Ukraine’s access to the NATO Malware Information Sharing Platform. ‘NATO,” Stoltenberg said in a statement.

European Union foreign policy chief Josep Borrell said on Friday that the 27-nation bloc was ready to mobilize all its resources to provide technical assistance to Ukraine and help it improve its ability to do against cyberattacks.

Borrell told a meeting of EU foreign ministers in the French port city of Brest that the bloc would mobilize its rapid response teams online. “We will mobilize all our resources to help Ukraine deal with these cyberattacks,” Borrell said. “Unfortunately, we expected this to happen.”

Asked who might be behind the attack, Borrell replied: “I can’t point anyone out because I don’t have any evidence, but one can imagine.”

Russia has a long history of launching aggressive cyber operations against Ukraine, including a hack into its voting system ahead of the 2014 national elections and an attack on the country’s power grid in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya Virus which targeted Ukrainian companies and caused over $10 billion in damage worldwide.

Ukrainian cybersecurity professionals have beefed up critical infrastructure defenses in the wake of Russian state-sponsored attacks that temporarily disabled parts of Ukraine’s power grid during the winters of 2015 and 2016, and the crippling NotPetya cyberattack.

To see: Russian intervention in Kazakh civil unrest seen as likely to change Putin’s reckoning on Ukraine

Also: Putin and Lukashenka plan joint Russia-Belarus war games for the new year

Zhora told the AP that officials are particularly concerned about Russian attacks on the power grid, rail network and central bank.

Experts recently said the threat of another such cyberattack was significant because it would give Russian President Vladimir Putin the ability to destabilize Ukraine and other former Soviet countries that want to join NATO without having to commit of troops.

“If you’re trying to use it as a stage and a deterrent to keep people from moving forward with consideration of NATO or other things, cyber is perfect,” Tim Conway said. , a cybersecurity instructor at the SANS Institute, told The Associated Press in an interview last week.

Conway was in Ukraine last month to carry out a simulated cyberattack on the country’s energy sector. The United States has been investing in improving Ukraine’s cyber defense for several years through various departments, such as the Department of Energy and USAID.

The White House did not immediately respond to a request for comment.

John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant MNDT,
said that while it is too early to tell who is behind the downgrades, such actions are in the Russian government’s playbook. Russian hackers were accused of defacing Georgian websites in 2019.

Continue reading: Biden signs bill authorizing $768.2 billion in defense spending in 2022, including a 2.7% salary increase for the military, into law