KYIV, UKRAINE – A series of cyberattacks took the websites of the Ukrainian army, the Ministry of Defense and major banks offline on Tuesday, Ukrainian authorities said, as tensions persisted over the threat of a possible Russian invasion.
Yet there was no indication that distributed denial of service attacks could be a smokescreen for more serious and damaging cyber mischief.
At least 10 Ukrainian websites were inaccessible due to the attacks, including those of the ministries of defense, foreign affairs and culture and of Ukraine’s two largest state banks. During such attacks, websites are hit with a flood of unwanted data packets, making them inaccessible.
“We have no information about other disruptive actions that (could) be hidden by this DDoS attack,” said Victor Zhora, a senior Ukrainian cyber defense official. He said emergency response teams were working to cut off attackers and restore services.
Customers of Ukraine’s largest state-owned bank, Privatbank, and state-owned Sberbank have reported issues with online payments and bank apps.
Among the attackers’ targets were the Ukrainian military’s hosting provider and Privatbank, said Doug Madory, director of internet analytics at network management firm Kentik Inc.
“There is no threat to depositors’ funds,” Zhora’s agency, the Center for Strategic Communications and Information Security of Ukraine’s Information Ministry, said in a statement. The attack also did not affect the communications of Ukrainian military forces, Zhora said.
It was too early to say who was behind the attack, he added.
The ministry statement suggested Russian involvement: “It is possible that the aggressor resorted to petty mischief tactics, as his aggressive plans do not work on the whole,” the Ukrainian statement said.
Rapid attribution of cyberattacks is usually difficult, as attackers often try to cover their tracks.
“We need to analyze IT vendor logs,” Zhora said.
Oleh Derevianko, a leading private sector expert and founder of cybersecurity firm ISSP, said Ukrainians are always worried that such “noisy” cyberattacks may be masking something more sinister.
Escalating fears over a Russian invasion of Ukraine eased slightly as Russia sent signals on Tuesday that it could be pulling back from the brink, but Western powers demanded proof.
Yet cyberaggression is typical of Russian President Vladimir Putin, who enjoys trying to unbalance his adversaries.
“These attacks increase attention and pressure,” said Christian Sorensen, CEO of cybersecurity firm SightGain, who previously worked for US Cyber Command. “The goal at this stage is to increase leverage in the negotiations.”
Ukraine has faced constant Russian aggression in cyberspace since 2014, when Russia annexed the Crimean peninsula and backed separatists in eastern Ukraine.
On January 14, a cyberattack damaged the servers of the Ukrainian State Emergency Service and Motor Transport Insurance Bureau with a malicious “wiper” disguised as ransomware. The damage was found to be minimal, and some cybersecurity experts believe it was intentional, given the capabilities of the Russian state-backed hackers. A message posted simultaneously on dozens of defaced Ukrainian government websites read: “Be afraid and expect the worst.”
Serhii Demediuk, the No. 2 official at Ukraine’s National Security and Defense Council, called the January 14 attack “part of a large-scale Russian operation aimed at destabilizing the situation in Ukraine, aimed at blowing up our Euro-Atlantic integration and seizing power.”
Such attacks are likely to continue as Putin attempts to “degrade” and “delegitimize” trust in Ukrainian institutions, cybersecurity firm CrowdStrike said in a subsequent blog post.
In the winters of 2015 and 2016, attacks on Ukraine’s power grid attributed to the Russian military intelligence agency GRU temporarily knocked out power.
The Russian GRU was also blamed for perhaps the most devastating cyberattack of all time. Targeting companies doing business in Ukraine in 2017, the NotPetya virus caused more than $10 billion in damage worldwide. The virus, also disguised as ransomware, was a “wiper” that wiped entire networks.
Bajak reported from Boston. AP writer Alan Suderman contributed from Richmond, Virginia.