Cyberattack Hits Ukrainian Government, Banking Websites
Nation Reportedly Hit by DDoS Attacks Amid US Intel Warnings
Editor's Update: Russia launched airstrikes at targets across Ukraine at about 5 a.m. Eastern European Time on Feb. 24, with Putin vowing to "demilitarize" Ukraine. Experts say Russia appears to be attempting a full military takeover of the country.
Just one week after the Ukrainian Ministry of Defense, which oversees the nation's military, suffered a distributed denial-of-service outage, reports have surfaced that government sites again have been pushed offline in a similar attack.
According to the Telegram channel of Mykhailo Fedorov, who heads Ukraine's Ministry of Digital Transformation, the attack - detected around 4 p.m. local time - also affected banks, which have not been named.
Affected websites include the Ukrainian Ministry of Foreign Affairs; the Cabinet of Ministers; and Verkhovna Rada, the country's parliament, according to an early report from CNBC. Officials have reportedly been working to reroute the mass traffic flooding the network and restore the sites.
Ongoing Tensions
Wednesday's DDoS outage across Ukrainian government sites follows a comparable campaign just last week - which left the site for Ukraine's Defense Ministry offline for a time (see: Report: Cyberattack Hits Ukrainian Defense Ministry, Banks). Several Ukrainian banking institutions were also reportedly swept into the attack, and local reports said ATMs were kicked offline as a result.
U.S. and U.K. officials subsequently attributed the activity to Russia's intelligence agency, the GRU.
The moves follow Russian President Vladimir Putin's mass mobilization of troops along Ukraine's eastern border. For months, the Russian leader has teased a full-scale invasion. Those rumors came to pass this week as Putin hailed pro-Russian separatist territories within Ukraine's eastern Donbas region. Media reports have pointed to a Russian military presence moving toward this area; Putin had called the efforts a "peacekeeping" mission.
The conflict is steeped in historical grievances and Ukraine's recent request to join the intergovernmental military alliance NATO. Putin demanded that Ukrainian officials renounce the plans, and similarly demanded that NATO remove its troops from Eastern Europe - terms that NATO has since rejected.
Amid rapid escalation this week - in which convoys were spotted in motion and NATO officials began to confirm their own robust military presence in the area - the U.S. sanctioned two sizable Russian banks, effectively excluding them from Western finance.
U.S. Secretary of State Antony Blinken confirmed that the Pentagon will be sending additional U.S. troops to NATO's eastern flank to deter Russian aggression. Blinken also said that the administration will sanction individual Russian oligarchs.
Foreign policy experts believed that the West's sanctions could prompt harsh retaliation from the Kremlin, with Moscow potentially carrying out crippling cyberattacks on Ukrainian infrastructure, or on the networks of those aiding the former Soviet state.
In response to Wednesday's cyberattacks, a White House official told NBC News that it considers "further incidents to be consistent with the type of activity Russia would carry out in a bid to destabilize Ukraine. We are in communication with Ukraine regarding their cyber-related needs, including as recently as today."
The West's Warnings
With fears of outright war growing, Western officials have moved to stay ahead of Moscow's cyber maneuvers.
Last week, officials at the U.S. Cybersecurity and Infrastructure Security Agency issued a "Shields Up" warning to U.S. organizations, urging them to revert to basic cyber hygiene principles and ensure the utmost protection of networks and systems. CISA Director Jen Easterly urged security teams to patch known exploited vulnerabilities, identify unknown or mysterious network behavior, confirm that ports and protocols not essential for business purposes have been disabled, and monitor/isolate traffic from Ukrainian networks (see: CISA Warns Orgs to Prep for Potential Russian Cyberattacks).
The U.K.'s National Cyber Security Center on Tuesday issued a warning to British organizations to ensure proper defense over IT networks. British officials urged security teams to verify access controls, monitor key logs and antivirus logs, implement an incident response plan, orchestrate proper phishing defense, and more.
By Wednesday, U.S. intelligence had pointed to an imminent cyberattack - to the extent that Biden administration officials warned Ukrainian President Volodymyr Zelenskyy that the nation could experience a full invasion within 48 hours, according to Newsweek. And just hours before reports broke of the site outages across Ukraine, U.S. intelligence officials pointed to a destabilizing cyberattack that could enable future military operations.
Connectivity Returning?
NetBlocks, a watchdog agency that monitors cybersecurity activity, tweeted that connectivity was returning after the outage, adding that the internet provider Eastnet had been primarily affected. It is not yet known what the extent of the damage has been or if the attacks will continue.
ℹ️ Update: Connectivity is returning to impacted subscribers in the city of Donetsk, #Ukraine, following a multi-hour internet disruption primarily affecting provider Eastnet. pic.twitter.com/qv43Uvw7aI
— NetBlocks (@netblocks) February 23, 2022