Fri | Jan 21, 2022

Cyberattack targets government websites

Published:Saturday | January 15, 2022 | 12:07 AM
The building of the Ukrainian Foreign Ministry is seen during snowfall in Kyiv, Ukraine. Ukrainian officials and media reports say a number of government websites in Ukraine are down after a massive hacking attack.
The building of the Ukrainian Foreign Ministry is seen during snowfall in Kyiv, Ukraine. Ukrainian officials and media reports say a number of government websites in Ukraine are down after a massive hacking attack.

KYIV, Ukraine (AP):

A cyberattack left a number of Ukrainian government websites temporarily unavailable Friday, officials said.

While it wasn’t immediately clear who was responsible, the disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.

Ukrainian foreign ministry spokesman Oleg Nikolenko told AP it was too soon to say who was behind it, “but there is a long record of Russian cyber assaults against Ukraine in the past”.

Moscow had previously denied involvement in cyberattacks against Ukraine.

About 70 websites of both national and regional government bodies were targeted in the attack but no critical infrastructure was affected and no personal data accessed, according to Victor Zhora, deputy chair of the State Service of Special Communication and Information Protection.

The hack amounted to a simple defacement of government websites, said Oleh Derevianko, a leading private-sector expert and founder of the ISSP cybersecurity firm. The hackers got into a content management system they all use, but “didn’t get access to the websites themselves”.

The main question, said Derevianko, is whether this is a standalone hacktivist action – “patriotic” Russian freelancers – or part of a larger state-backed operation.

A message posted by the hackers in Russian, Ukrainian and Polish claimed Ukrainians’ personal data was placed online and destroyed. It told Ukrainians to “be afraid and expect the worst”. In response, Poland’s government issued a statement noting that Russia has a history of such disinformation campaigns and that the Polish in the message was clearly not from a native speaker.

Tensions between Ukraine and Russia have been running high in recent months after Moscow amassed an estimated 100,000 troops near Ukraine’s border.

NATO Secretary-General Jens Stoltenberg said Friday that the alliance will continue to provide “strong political and practical support” to Ukraine in light of the cyberattacks.

“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation,” Stoltenberg said in a statement.

Russia has a long history of cyberattacks against Ukraine, including nearly thwarting its 2014 national elections and briefly crippling parts of its power grid during the winters of 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus that targeted Ukrainian businesses and caused more than US$10 billion in damage globally.

Ukrainian cybersecurity professionals have been fortifying the defences of critical infrastructure ever since. Zhora has told the AP that officials are particularly concerned about Russian attacks on the power grid, rail network and central bank.

Experts have said recently that the threat of another such cyberattack is significant, as it would give Russian President Vladimir Putin the ability to destabilise Ukraine and other ex-Soviet countries that wish to join NATO without having to commit troops.

DISMANTLED GANG

“If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told the AP in an interview last week.

Conway was in Ukraine last month conducting a simulated cyberattack on the country’s energy sector. The US has been helping Ukraine bolster its cyber defences through agencies including the Department of Energy and USAID.

The White House didn’t immediately respond to a request seeking comment.

In a separate development Friday, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang, which was behind last year’s Fourth of July weekend supply-chain attack targeting the Florida-based software firm Kaseya. The attack crippled more than 1,000 businesses and public organisations globally.

The FSB claimed to have dismantled the gang, but REvil effectively disbanded in July. Cybersecurity experts say its members largely moved to other ransomware syndicates. They cast doubt Friday on whether the arrests would significantly impact Russian-speaking ransomware gangs, whose activities have only moderately eased after a string of high-profile attacks on critical US infrastructure last year, including the Colonial Pipeline.