Ukrainian Government Websites Hit With Cyberattack

BuzzFeed Correspondent Christopher Miller is reporting on Twitter that several Ukrainian Government websites have been hit with some sort of cyberattack.

The websites of several government departments, including the ministry of foreign affairs and the education ministry, have been taken out by this attack.

Elizabeth Wharton, who is the VP Operations for SCYTHE, had this to say:

“This is not surprising. It’s cyber harassment typical with Russian active measures doctrine, which uses disinformation, propaganda, and deception in an attempt to influence world events and disrupt governments.”

Saryu Nayyar, CEO and Founder, Gurucul, had this to say:

“Nation state threat actors continue to take an active involvement in destabilizing infrastructure, governments, and businesses whether for profit or pure political objectives. Security can no longer continue to be an insurance policy. It must become a critical part of the infrastructure at every step. World governments must start funding and investing in cyber security training, educational programs, and awareness. In addition, without continuous evaluation and investment in next generation security technologies that optimize security operations, threat actor groups will continue to be able to disrupt governments and economies.”

Given the tension between NATO nations and Russia at the moment, it will not be surprising to see more attacks like this in the coming days.

UPDATE: I have additional commentary from Toby Lewis, Head of Threat Analysis at Darktrace:

“It’s too early to discuss technical details – but right now, an attack appears to have targeted and brought down several Ukrainian government websites. Governmental websites are typically built on common software which explains the domino effect of website shutdowns that we are seeing. We should be cautious around labelling this as a ‘sophisticated’ attack. Some cyber-attacks are more successful than others, some are advanced and others less so. A distributed denial of service (DDoS) attack for example, which is an attempt to bring down websites or networks by overwhelming the web server with internet traffic, is not particularly sophisticated and relatively easy to mitigate. Some of the website defacements, such as those left on the Education Website and the Ministry of Foreign Affairs, are designed to mimic “nationalist/separatist groups” with claims that the attack was done in the name of the UPA (Ukrainian Separatist Army) which has not existed for over 50 years. Attribution is impossible to do with digital data alone and it is not unlikely that this is a false flag to divert attention away from the true perpetrators, to stir up unrest or simply impact the credibility of the website owners. While some of the defaced websites are claiming that data was leaked to the public, the Ukrainian Government is denying this and no leaked data has appeared yet. We will have to wait to see if more damage has been done beyond website defacement, but if the attacks really have access to sensitive data or have detonated ransomware, why would they shout the loudest about website defacement? Across our customer base we have seen use noisy attack techniques to distract security teams’ attention away from more stealthy attacks, it remains to be seen if that is the case here.”

UPDATE #2: Saumitra Das, CTO and Cofounder, Blue Hexagon, had this to say:

“It is interesting that this is happening on the heels of the REvil arrests as well as right when the talks have ended in a stalemate. It shows how cyber warfare is becoming a major tool for nation states compared to augment conventional means. The arrest by the authorities related to the REvil group is a major win for law enforcement, but make no mistake, another group will attempt to fill the shoes and attempt to recycle the extensive network setup by the REvil group.”
