A number of Ukrainian websites were temporarily taken down after a series of cyberattacks. 

In a Facebook post, Ukraine’s Center for Strategic Communications said the websites of Privat Bank and Oscadbank were offline due to a distributed denial of service (DDoS) attack. The public site for the armed forces of Ukraine were also offline. Along with the attack, Ukrainian citizens received spam messages that ATMs were down. According to several reports, the spam texts and the DDoS attacks may be a coordinated effort to spread misinformation, sow chaos and distrust among Ukrainian citizens.

“We don’t have any information of other disruptive actions that (could) be hidden by this DDoS attack,” said Victor Zhora, a top Ukrainian cyber defense official. He said emergency response teams were working on cutting off the attackers and recovering services. Zhora said the attack did not affect the communications of Ukraine’s military forces. Zhora said it was too early to understand who was behind the cyberattacks, and logs from IT providers still needed to be analyzed.

While accurate attribution is difficult, there are no shortage of actors that could stand to benefit from chaos or disruption, says Tim Wade, Deputy CTO at Vectra, “ranging from criminal actors to nation-states — and that, unlike Hollywood movies, real motivations can be tricky to unwind.”

The attacks come as Russia has massed an estimated 150,000 troops, positioned along the country’s border with Ukraine, and as U.S. top officials warned that Russia could invade the country this week. The U.S. government is investigating the cyberattack on Ukraine, a Department official said, suggesting that Russia has a history of carrying out similar attacks. 

Threat actors with Russian affiliations have leveraged massive DDoS attacks in the past, says Rick Holland, Chief Information Security Officer, Vice President of Strategy at Digital Shadows. While threat actors not associated with Russia could be responsible for the DDoS attacks, evidence to substantiate this would be required, Holland explains.

However, a more likely scenario is that other countries like China and Iran are taking advantage of the chaos and the fog of war to further their interests and conduct their campaigns against the West, Holland says. “As the saying goes, ‘never let a good crisis go to waste.’ The risk of these types of false flag operations could have unintended consequences, and you can’t close Pandora’s Box once it’s opened.”