Campaign of cyberattacks on Ukrainian government websites, strongly suspected to originate from Russia


Many cybersecurity experts had predicted that the current conflict between Russia and Ukraine would largely unfold in the form of cyberattacks rather than physical warfare. A series of attacks on government websites there appears to be the first salvo, as suspected Russian hacking teams have left messages threatening residents of the country.

The attackers briefly took down the public websites of several Ukrainian government agencies and defaced some sites with pro-Russian messages that touched on Ukrainian history. The hackers also left a warning on at least one page saying the country’s personal information was unsafe and could be made public.

Government websites hacked as Russian-Ukrainian conflict escalates

The wave of cyberattacks against Ukrainian government websites came shortly after the breakdown of talks between Russia and NATO, and Russia has raised the possibility of military deployments in Cuba and Venezuela in response to the actions of the United States. A spokesperson for Ukraine said around 70 websites were affected, including those of regional governments.

The attacks briefly took down the websites of Ukraine’s Ministry of Foreign Affairs and Ministry of Education, among others. The threat to dox residents of Ukraine was left on the Foreign Ministry website, reading: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It is your past, your present and your future.”

Following the cyberattacks, Ukraine’s security service released a statement saying no personal data was breached and most affected government websites were restored.

The posts also included references to the UIA and OUN, defunct nationalist groups that fought against the Soviets. Some analysts believe this was a very basic attempt to cover up the real origin of the cyberattacks.

The NATO secretary general did not formally blame Russia, but said it was not hard to imagine who was responsible. This refers to a roughly eight-year history of intermittent Russian cyberattacks on Ukraine, as tensions erupted again and again. NATO said it was mobilizing a response and would soon sign a cyber cooperation agreement with the Ukrainian government. Elizabeth Wharton, vice president of operations for SCYTHE, represents the view of many cybersecurity experts who don’t need to see anything else to assume Russia is behind this: “It’s not surprising. It’s cyberbullying typical of Russia’s active measures doctrine, which uses disinformation, propaganda and deception to try to influence world events and disrupt governments.”

For its part, Russia’s demands go beyond a change of government or the handing over of any disputed territory to Ukraine. The country has used recent NATO talks as an opportunity to demand that Ukraine and Georgia be officially denied entry into the alliance, as well as the withdrawal of all troops and equipment from Eastern Europe.

Cyberattacks mirror previous actions against Ukraine

According to Ukraine’s Technical Security and Intelligence Service, there is a common thread between the particular government websites that suffered cyberattacks. All were serviced by a third-party company called Kitsoft that apparently built each site for the agencies. A forensic investigation is ongoing, and it will not be clear whether some sort of Kitsoft vendor compromise was the root cause until it is complete; the company’s CEO said it provides software that is independently maintained by each agency, and that the government websites that were hacked did not opt in to the company’s continued support.

Katie Nickels, Director of Intelligence for Red Canary, provides insight into a known vulnerability that may have been exploited to gain access to government websites: “Based on this initial information, degraded Ukrainian websites may have been compromised due to a vulnerability in a system called Oct. The vendor is said to have patched the vulnerability in August 2021, so it’s not a zero-day and it’s not particularly complex to exploit… Although the downgrades aren’t hard to perform and website downtime is a minor annoyance, these downgrades can have a psychological influence during a tense situation.”

The modern conflict between Russia and Ukraine dates back to 2014, when a pro-Russian separatist movement engaged in armed conflict within the latter country’s borders and Russia annexed Crimea by force. Ukraine has increasingly allied itself with the West, leading to continued aggression from Russia that has mostly manifested in the form of cyberattacks. Sporadic Russian attacks on Ukrainian infrastructure have disabled electricity, banking services and even grocery store freezing systems. The NotPetya virus that plagued the world in 2017 is believed to have escaped from the region after it started as one such cyberattack campaign. And Ukraine’s Central Election Commission was hacked during the 2014 elections in that country, with traces of the malware used later linked to the 2016 US Democratic National Committee hack.

One of the central events driving the recent outbreak of hostilities is the seemingly growing possibility of Ukraine joining NATO, which would entitle it to automatic military assistance from NATO allies in its defense if it were attacked by Russia. At a summit in June 2021, NATO leaders appeared to confirm the way forward for Ukraine to eventually join the alliance (the “Membership Action Plan”). This came several months after Russia resumed massing troops on the country’s border.


Ukraine’s security service says it now neutralizes about 1,200 attempted attacks from Russia every year. In addition to matching the general pattern of cyberattacks that dates back to 2014 (and even 2008 including the attacks on Georgia), Ukrainian officials say they have evidence that a Belarusian paramilitary intelligence group with ties to Russia was behind the recent attacks on government websites. The Russian Foreign Ministry has yet to respond to the charges, but has always denied responsibility for such cyberattacks in the past.

