Ukraine defense ministry, banks hit by cyberattacks


Ukraine’s Ministry of Defense said Tuesday that it suffered a cyberattack, while the Ukrainian government also disclosed that cyberattacks struck two banks in the country.

The State Service of Special Communication and Information Protection of Ukraine said in a statement posted online that there was a “powerful” distributed denial-of-service (DDoS) attack Tuesday against “a number of information resources of Ukraine.” The affected targets included the websites of the Ministry of Defense and the Armed Forces of Ukraine, as well as the web services of Privatbank and Oschadbank.

The full statement:

Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine. In particular, this caused interruptions in the work of web services of Privatbank and Oschadbank. The websites of the Ministry of Defense and the Armed Forces of Ukraine were also attacked. As of 19:30, the work of banking web resources has been resumed. A working group of experts from the main subjects of the national cybersecurity system is taking all necessary measures to resist and localize the cyberattack.

It was not immediately certain whether Russia, which has amassed an estimated 130,000 troops near Ukraine, is connected to any of the cyberattacks.

On the website of ArmyINFORM, the Ministry of Defense of Ukraine’s information agency, a translation of a post today says the ministry experienced a cyberattack that was “probably” a distributed denial-of-service (DDoS) attack.

“The official web portal of the Ministry of Defense of Ukraine probably suffered DDoS attacks when an excessive number of requests per second was recorded,” the translation of the post says.

Technical work to restore the portal is underway, according to the translation of the post.

The Ukrainian Centre for Strategic Communications and Information Security, a wing of the nation’s culture ministry, also confirmed the attack in a statement and said that the attack had shut down access to the defense ministry’s site, according to a Reuters report.

The statement did not specify who is being blamed for the attack, but the Reuters report suggested that the statement could be interpreted as accusing Russia.

“It is not ruled out that the aggressor used tactics of little dirty tricks because its aggressive plans are not working out on a large scale,” the Ukrainian information security centre said in the statement cited by Reuters.

Christian Sorensen, former operational planning team lead for the U.S. Cyber Command, told VentureBeat today that these attacks “are ratcheting up attention and pressure.”

“It doesn’t sound like much impact yet,” Sorensen said in an email. “In the coming hours and days, I would anticipate more activities to isolate and disrupt Ukrainian citizens and especially government activities. The purpose at this stage is to increase leverage in negotiations. Next stage will be impactful and continue deterrence for other countries to get involved.”


The Russian build-up near Ukraine includes armored vehicles, ships, and aircraft, according to reports.

In mid-January, a day after the failure of diplomatic efforts to halt the Russian troop build-up, more than 70 Ukrainian government websites were targeted with the new “WhisperGate” family of malware. Ukraine blamed Russia for the attacks, which left many of the government’s websites inaccessible or defaced.

Cybersecurity experts say that if Russia does plan to invade Ukraine, it would undoubtedly use cyberattacks as a key part of its strategy — just as the country has done in previous military campaigns over the past decade-and-a-half, including in Georgia and the Crimean Peninsula in Ukraine.

“In these previous conflicts, cyber was used to facilitate a Russian occupation that remains today in previously sovereign territory of another country,” said Sorensen, who is now founder and CEO of cybersecurity firm SightGain, in a previous email. “In this way, cyber is tightly integrated into Russian tactics.”

If an invasion does occur, “it’s not really a question of whether cyberattacks on Ukraine will take place,” said Mathieu Gorge, author of The Cyber Elephant in the Boardroom and the founder and CEO of cybersecurity firm VigiTrust.

“Bringing down critical infrastructure in Ukraine, or any opponent’s sovereign state infrastructure, is a tactic to either proceed or augment physical attacks,” Gorge said in a previous email. “The idea behind it is that if you cripple the country physically at their border while crippling access to banking, electricity, health services, and IT systems, your attack is much more powerful.”

Russia’s strategy will be to generally spread fear, uncertainty, and doubt — both before and during an active/shooting conflict — and to target military personnel and communications during active conflict, Sorensen said.

In prior attacks, cyber was used as a diversion — in order to confuse the targets enough to “not put up a big fight or get organized until it was too late,” Sorensen said.

Broader cyber conflict?

On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted a warning about the potential for attacks against U.S. targets by Russia in connection with the tensions over Ukraine.

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” CISA said in its “Shields Up” warning. “CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Meanwhile, Russian cyberattacks against western targets have reportedly already taken place in connection with the Ukraine tensions. Last month, a Russia-linked hacker group is believed to have launched a cyberattack against a western government organization in Ukraine, according to researchers at Palo Alto Networks’ Unit 42. The attack involved a “targeted phishing attempt” and attempted delivery of malware, Unit 42 reported.

The leadership of the group, which Unit 42 has referred to as “Gamaredon,” includes five Russian Federal Security Service officers, the Security Service of Ukraine said previously. Unit 42 did not identify or further describe the western government entity that was targeted by Gamaredon.

Originally appeared on: TheSpuzz