Written by AJ Vicens
A series of Ukrainian government websites were temporarily unavailable on Friday in what appeared to be a coordinated cyberattack amid growing tensions between Russia and Ukraine.
Following the massive hacking attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily unavailable,” Foreign Ministry spokesman Oleg Nikolenko tweeted. “Our specialists are already working on restoring the operation of computer systems. We apologize for any inconvenience.”
Nikolenko told The Associated Press it was too early to say who was behind the attacks, “but there is a long record of Russian cyberattacks against Ukraine in the past.”
The websites of Ukraine’s Cabinet, seven ministries, the Treasury, the National Emergency Service and the State Services website were temporarily unavailable, the AP reported. A message was posted on the sites in Ukrainian, Russian and Polish warning that personal data had been leaked – a claim denied by the Ukrainian National Communication Service – and advising to “be afraid and expect the worst. This is for your past, your present and your future.
The attacks come as Russia’s military buildup along the border with Ukraine continues, and talks between the US and Russia to prevent an invasion in recent days have failed to resolve the situation . White House national security adviser Jake Sullivan told reporters on Thursday that US intelligence had “developed information” that “Russia is laying the groundwork for an opportunity to fabricate a pretext for an invasion.” , including through sabotage activities and information operations”.
“We saw this playbook in 2014,” Sullivan said. “They’re making this playbook again.”
President Joe Biden has been briefed on the situation, a National Security Council spokesperson told CyberScoop. “We are in contact with the Ukrainians and have offered our support as Ukraine investigates the impact and nature and recovers from the incident,” the spokesperson said. “We have no attribution at this time.”
Later that day, Ministry of Defense spokesman John Kirby reiterated that it was too early to attribute the activity. But “this is a piece of the same kind of playbook we’ve seen from Russia in the past.”
Attacks and defacements of government websites are not new to Ukraine, dating back to 2008 and the Russian invasion of Georgia. The Russian government also has a well-documented history of targeting Ukrainian assets in cyberattacks ranging from the basic to the most complex and consequential.
“This incident could have been the work of government actors or government-sponsored actors or it could have been the work of elements of civil society responding independently,” said John Hultquist, vice president of intelligence. from cybersecurity firm Mandiant, in a statement. “Historically, most defacements have been low-level hackers who sometimes leave patriotic messages on targets, but government-sponsored actors have also carried out this type of activity.”
A coordinated attack on multiple websites may seem complex, but it could be the result of having access to a single content management system, he added: “It is important not to overestimate the capacity needed to carry out succeed with this attack”.
Toby Lewis, head of threat analysis at Darktrace, made a similar point.
“Government websites are typically built on common software, which explains the domino effect of website shutdowns we’re seeing,” he said. “We have to be careful about calling this a ‘sophisticated’ attack.”
A vulnerability in the content management system known as “October CMS” may have been exploited in the attack, Ukraine’s Computer Emergency Response Team (CERT) said in an advisory released on Friday. .
Updated on 01/14/22: To include a statement from the National Security Council, information from Ukraine’s CERT, and additional comments from DoD spokesman John Kirby.