Cyberattack hits Ukraine government websites
By Katharina Krebs and Jake Kwon, CNN
Scores of Ukrainian government websites were targeted in a cyberattack with threatening text warning Ukrainians to “be afraid and wait for the worst” and alleging their personal information has been hacked.
Ukraine claimed Russia was most likely behind the attack, which affected the websites of the Ministry of Foreign Affairs and a number of other government agencies.
Oleg Nikolenko, Ukraine’s foreign ministry spokesman tweeted on Friday that the “investigation is still ongoing but the Security Service of Ukraine has obtained preliminary indicators suggesting that hacker groups associated with the Russian secret services may stand behind today’s massive cyberattack on government websites.”
Ukraine’s communication intelligence service said in a statement that as many as 70 central and regional authority websites were targeted.
The attack appears to be a low-level incident but is symbolic coming at the end of a week of frantic diplomacy involving NATO, the Organization for Security and Co-operation in Europe (OSCE) and bilateral talks between Russia and the United States — all aimed at trying to deescalate tensions on Ukraine’s border.
“This is not the first time or even the second time that Ukrainian Internet resources have been attacked since the beginning of the Russian military aggression,” the Ukrainian Information Ministry said in a statement.
Most of the affected state resources have already been restored, according to Ukraine’s security service, who said that personal data had not been breached.
What happened?
Early Friday morning local time, Ukrainian government websites, including that of the Foreign Ministry, displayed dark screens with a threatening text that said Ukrainians’ personal information had been hacked.
“Ukrainian! All your personal data has been uploaded to the public network. All data on the computer is destroyed, it is impossible to restore them,” the message, published in Ukrainian, Russian and Polish, read.
“All information about you has become public, be afraid and wait for the worst. This is for you for your past, present and future. For Volhynia, for the OUN UIA [Organization of Ukrainian Nationalists Ukrainian Insurgent Army], for Galicia, for Polesie and for historical lands,” the web page read.
The UIA and OUN were Ukrainian ultranationalist groups that fought for independence during the Soviet era, while Galicia, Volhynia and Polesie are areas from which they historically drew high levels of support.
A statement from Ukraine’s Ministry of Culture and Information Policy suggested that the text mentioned the groups and regions as a “way to conceal the “Russian footprint” by hackers.”
“It is obvious that this was done on purpose to cast a shadow over the hacker attack on Poland: Russia and its proxies have been working for a long time to create the quarrel between two friendly neighboring countries,” the ministry added in a statement.
The Security Service of Ukraine said in a statement that although “provocative messages were posted on the main page of these sites,” the content of the sites was not changed, adding “the leakage of personal data, according to preliminary information, did not occur.”
The websites of the ministries of education, foreign affairs, sport, energy, agrarian policy, veterans, environment and the state emergency service of Ukraine and the state treasury were targeted, according to state media Ukrinform.
The Ministry of Education and Science, whose official website is down, directed citizens to use the ministry’s official social media channels on Friday while the issue is being resolved.
The head of Ukraine’s technical security and intelligence service Yuri Shchigol said almost 70 websites of central and regional authorities had been affected.
“It appears that each of these sites was developed on behalf of the government of Ukraine by a Ukrainian firm named Kitsoft,” said Matt Olney, director of threat intelligence and interdiction at Talos, the threat intelligence unit of technology giant Cisco, told CNN. “While obviously unfortunate, we do not see this event alone as indicating an increase or decrease of [cyber] risk in Ukraine,” he added.
Oleksandr Iefremov, the CEO of Kitsoft, said the firm was “actively involved in restoring” the government websites that it supports. Not all of the Ukrainian government websites affected by the hack run Kitsoft software, Iefremov said in a statement sent to CNN.
“We test vulnerabilities, bugs, and update government websites that are supported by Kitsoft company in a timely manner,” Iefremov said. “Unfortunately, not all the customers order website support, so we dіd not have access to them.”
While the Ukrainian government has suggested Russian involvement in the hack, outside experts say they cannot make that attribution without forensic evidence.
Oleh Derevianko, founder of Kyiv-based cybersecurity firm ISSP, said he wasn’t surprised by the defacement of government websites.
“It’s a good illustration how you can use a simple defacement attack as an informational operation tool when everyone is so nervous and agitated about potential invasion,” he told CNN.
Attacks add to an ‘already tense situation’
The EU’s chief diplomat Josep Borrell condemned the cyberattack, warning it contributes to the “already tense situation” in the region.
During a joint press conference with the French foreign minister in Brest, France, on Friday, Borrell, the EU’s high representative for foreign affairs and security policy, said he convened an emergency meeting upon learning of the attack on Ukrainian government websites.
“Such actions aimed at destabilizing Ukrainian contribute to further escalation of the already tense situation,” Borrell said.
When asked if Russian governmental or non-governmental actors were behind the attacks, Borrell responded that although he didn’t want to “point fingers” there “is a certain probability as to where they came from.”
Ukrainian Foreign Ministry Spokesman Oleg Nikolenko said Friday that it is “too early to draw conclusions” as to who is behind the attack, but said there is a “long record of Russian cyber assaults against Ukraine in the past.”
Separately, Ukraine’s Ministry of Defense alleged in a statement Friday that Russian special services are preparing provocations against servicemen of the Russian Armed Forces in order to accuse Ukraine.
The statement from the ministry’s intelligence directorate said: “The military units of the aggressor country and its satellites receive orders to prepare for such provocations.”
CNN has contacted Russia’s defense ministry for comment on both allegations.
Tensions with Russia at a high
The US and Russia met this week for high-stakes talks aimed at averting a war, as Russia continued to mass troops near Ukraine’s borders amid a dispute over NATO activities in Eastern Europe and the prospect that Ukraine could join the military alliance.
Tensions between Ukraine and Russia are at their highest in years, with the Russian military build-up spurring fears that Moscow could launch an invasion in the coming weeks or months.
Ukraine has said that Russia is trying to destabilize the country ahead of any planned military invasion, and Western powers have repeatedly warned Russia against further aggressive moves.
The Kremlin denies it is planning to attack and argues that NATO support for Ukraine — including increased weapons supplies and military training — constitutes a growing threat on Russia’s western flank.
A senior US official warned that the “drumbeat of war is sounding loud” after a week of talks ended Thursday without clear breakthroughs.
Russian officials suggested they were poised to abandon discussions over the US and NATO’s refusal to entertain Moscow’s key demands: a guarantee that Ukraine will never be permitted to join NATO and that the alliance roll back its expansion in Eastern Europe.
On Friday, Russian Foreign Minister Sergey Lavrov told a press briefing that while Moscow’s proposals were “aimed at reducing the military confrontation, de-escalating the overall situation in Europe, exactly the opposite is happening in the West.”
He said: “We absolutely do not accept the appearance of the North Atlantic Alliance on our borders, especially taking into account the course pursued by the Ukrainian leadership – both by the former and the current ones. These are truly the red lines and they know it.”
The-CNN-Wire
™ & © 2022 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.
Katharina Krebs reported from Kyiv and Jake Kwon reported from Seoul. Jeremy Herb, Jennifer Hansler, Alex Marquardt, Kylie Atwood, Sean Lyngaas, Sam Kiley and Dalal Mawad contributed reporting.