‘Be afraid’: Cyberattack in Ukraine targets government websites
Disruption comes as tensions with Russia escalate, as NATO and EU promise to help Kyiv weather further attacks.
A massive cyberattack left Ukrainian government websites temporarily unavailable on Friday, officials said.
The disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.
Ukraine’s state security service (SBU) said late on Friday that it saw some signs the attack was linked to hacker groups associated with Russian intelligence services.
“All details of the incident are documented within the framework of the previously opened criminal proceedings. So far, we can say that there are some signs of involvement in the incident of hacker groups associated with the special services of the Russian Federation,” SBU said in a statement.
Moscow has previously denied involvement in cyberattacks against Ukraine.
The hackers appear to have used the software administration rights of a third-party company that developed the sites, a top Ukrainian security official told the Reuters news agency late on Friday.
“According to the preliminary conclusions of our experts … today’s attack occurred due to the use by third parties of access to the software administration rights of a company that had an advantage in developing websites for government agencies,” Serhiy Demedyuk, the deputy secretary of Ukraine’s national security and defence council, said in written comments.
“The specified software has been used since 2016 to create websites for government agencies, most of which became victims of today’s incident,” said Demedyuk, who used to be the head of Ukraine’s cyber police.
He did not name the third party company.
The websites of the country’s cabinet, seven ministries, the treasury, the National Emergency Service and the state services website, where Ukrainians’ electronic passports and vaccination certificates are stored, were temporarily unavailable on Friday as a result of the hack.
The websites contained a message in Ukrainian, Russian and Polish, saying that Ukrainians’ personal data has been leaked into the public domain.
“Be afraid and expect the worst. This is for your past, present and future,” the message read, in part.
Ukraine’s security service said no personal data has been leaked. Most affected websites were restored later on Friday and no critical infrastructure was affected.
Tensions between Ukraine and Russia have been running high in recent months after Moscow amassed an estimated 100,000 soldiers near Ukraine’s border, stoking fears of an invasion.
Moscow said it has no plans to attack and rejects Washington’s demand to pull back its forces, saying it has the right to deploy them wherever necessary.
The Kremlin has demanded security guarantees from the West that NATO deny membership to Ukraine and other former Soviet countries and roll back the alliance’s military deployments in Central and Eastern Europe. Washington and its allies have refused to provide such pledges, but said they are ready for the talks.
NATO Secretary-General Jens Stoltenberg said on Friday that in the coming days “NATO and Ukraine will sign an agreement on enhanced cyber-cooperation, including Ukrainian access to NATO’s malware information sharing platform”.
European Union foreign policy chief Josep Borrell said the bloc is ready to mobilise resources to improve Ukraine’s capacity to weather cyberattacks. “Sadly, we expected this could happen,” he said.
Asked who could be behind the attack, Borrell said: “I can’t point at anybody because I have no proof, but one can imagine.”
Russia has a long history of launching aggressive cyber-operations against Ukraine, including a hack of its voting system ahead of the 2014 national elections and an assault on the country’s power grid in 2015 and 2016.
In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus that targeted Ukrainian businesses and caused more than $10bn in damage globally.
In a separate development, Russia on Friday said it had dismantled the prominent hacking group REvil, which carried out a high-profile attack last year on IT software company Kaseya, following a request from Washington.
Cybersecurity was one of the main issues on the agenda of a summit meeting between Russian President Vladimir Putin and US President Joe Biden last June.
Russia’s Federal Security Service (FSB) said in a statement that it had “suppressed the illegal activities” of members of the group during raids on 25 addresses that swept up 14 people.
The searches were carried out following an “appeal from the relevant US authorities”.