Ukrainian government and banks affected by cyberattacks

The websites of Ukraine’s government, foreign ministry and state security service were brought down again by a distributed denial of service attack (DDoS).

“At about 4 pm, another mass DDoS attack on our state began. We have relevant data from a number of banks,” said Mykhailo Fedorov, Minister of Digital Transformation, adding that the parliament website was also hit. Earlier this week, Ukrainian authorities noted they had seen signs that hackers were preparing to launch major attacks on government agencies, banks and the defense sector.

While the parliament and defense ministry websites were quickly restored, those of the Ministry of Internal Affairs and the security service had not returned online by Wednesday evening in Kyiv.

According to Ukraine’s Centre for Strategic Communications, administrators tried to limit the damage by changing providers, but even if sites were restored, users could experience delays.

A nonprofit that tracks network disruptions, NetBlocks said that the websites of PrivatBank, a large commercial bank in Ukraine, and Oschadbank, the State Savings Bank of Ukraine, had also been rendered unavailable.

Last week, a similar attack took down a number of sites in the country. The White House National Security Council recently said that the GRU, Russia’s military agency, was linked to those cyberattacks. “Known GRU infrastructure has been noted transmitting high volumes of communications to Ukraine-based IP addresses and associated banking-related domains,” the National Security Council said.

In January, Ukraine said Russia was behind another DDoS attack that impacted 70 government sites that contained a warning to Ukrainians to “prepare for the worst.”

David Jemmett, CEO of Cerberus Sentinel, says, “Today’s attack on Ukraine’s government, foreign ministry and state security service is the latest salvo in yet another digital nation-state assault. It is further proof that all organizations and the world’s citizens need measures to protect their most critical assets: infrastructure, sensitive information, intellectual property, identity and privacy.” Jemmett suggests that security leaders need to work together to establish true security cultures in public and private organizations to stop threats and ensure resiliency.

Update 2/24/2022: It is clear now that the wave of DDoS attacks, as well as a new form of wiper malware installed on hundreds of systems in Ukraine, were a sign that a Russian invasion was imminent.

The attacks were seen hitting Ukraine in the hours leading up to the Russian invasion. As the United Nations Security Council held an emergency session late Wednesday in hopes of preventing the invasion, military strikes began across Ukraine. Reporters heard explosions in the capital Kyiv, in the eastern city of Kharkiv, and in the port city of Odessa. Explosions were reported outside of Kramatorsk, a town in the Donbas region controlled by Ukraine. Explosions were also reported near Kyiv's main airport, as well as around other cities in Ukraine.

After weeks of denying Russia's plans to invade Ukraine, President of Russia Vladimir Putin announced a "special military operation" to protect civilians in eastern Ukraine — a claim the U.S. predicted Putin would make as a pretext to invade Ukraine.

Security magazine is actively covering the ongoing Russia-Ukraine crisis. For more information on the conflict, please visit www.securitymagazine.com.

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?