Ukraine said it was the target of a “massive cyber attack” after about 70 government websites ceased functioning.
On Friday morning targets included websites of the ministerial cabinet, the foreign, education, agriculture, emergency, energy, veterans affairs and environment ministries. Also out of service were the websites of the state treasury and the Diia electronic public services platform, where vaccination certificates and electronic passports are stored.
“Ukrainians! All your personal data has been uploaded to the public network,” read a message temporarily posted on the foreign ministry’s website. “All data on your computer is being erased and won’t be recoverable. All information about you has become public, fear and expect the worst.”
Viktor Zhora, deputy head of Ukraine’s state agency in charge of special communication and information protection, told journalists on Friday that it was “the most powerful attack in four years” with about 70 central and regional government websites taken down.
“I want to note that as a result of the attack on the sites, the personal data of Ukrainians have not been distorted in any way, important data has not been leaked, the site’s content has not been damaged, and some sites have been forcibly shut down,” he said.
“As soon as we make sure that there are no third parties in the system, there is no malicious code and we will gather all the necessary evidence, the work of these sites will be restored,” Zhora said.
The incident follows tense negotiations this week between the US, Nato and western allies and Russia, aimed at deterring Russian president Vladimir Putin from opting for a deeper invasion of Ukraine. Moscow annexed the Ukrainian peninsula of Crimea in 2014.
Ukrainian officials have recently warned that cyber attacks and other efforts to destabilize the country would be a prelude to further aggression. Authorities, however, have not assigned blame for the Friday onslaught.
“As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” Ukraine’s foreign ministry said. “Our specialists are already working on restoring the work of IT systems, and the cyber police opened an investigation.”
The message left by hackers, posted in Ukrainian, Russian and Polish, added: “This is for your past, present and future. For Volyn, for the OUN UPA [Organization of Ukrainian Nationalists/Ukrainian Insurgent Army], for Halychyna, for Polissya and for historical lands.”
Comments at the end of the message referred to Ukrainian insurgent fighters during the second world war and appeared to chastise Ukraine for ethnic clashes and atrocities. Poland and Ukraine accuse each other of committing atrocities during the period in the region, which the countries have jostled over for centuries.
The hackers’ post also included defaced images of Ukraine’s national symbols, with a line across the flag, coat of arms and a map of the country.
It was not immediately clear if the hackers were Polish or if this was an attempt to incite divisions between Ukraine and Poland, one of Kyiv’s strongest European allies in the face of Russian aggression.
Julianne Smith, the US ambassador to Nato, said the US would wait “to see what we find out today.” She added that proof of a Russian cyber attack “certainly” would be classed as an example of renewed aggression against Ukraine, which could trigger western sanctions against Moscow.
“We are monitoring everything that Russia is going to be doing towards Ukraine,” she said. “We are attuned to some of the efforts to destabilize Ukraine from within. We all understand that there’s an array of scenarios that could unfold as it relates to what happens between Russia and Ukraine.”
Josep Borrell, Brussels’ top diplomat, said the EU’s political and security committee and cyber units will convene to see how to help Kyiv.
“We are going to mobilize all our resources to help Ukraine to tackle this cyber attack. Sadly, we knew it could happen,” Borrell was quoted as saying by Reuters at an EU foreign ministers meeting in Brest, western France. “It’s difficult to say [who is behind it]. I can’t blame anybody as I have no proof, but we can imagine.”
Ukraine’s SBU state security service said in a statement that “provocative messages were posted on the main page of these sites.”
“The content of the sites was not changed, and the leakage of personal data, according to preliminary information, did not occur,” the SBU added.
Oleksiy Danilov, Ukraine’s national security chief, late last year told the Financial Times that Ukraine faced “continuous” Russian cyber attacks and other attempts to destabilize the country since Moscow annexed Crimea and orchestrated a proxy separatist war in its eastern regions.
“Domestic destabilization is the immediate objective” of Russia prior to unleashing a potential deeper military incursion, he said, “firstly through cyber warfare, triggering an energy crisis and information warfare.”
Copyright The Financial Times Limited 2022