Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks

Cyberattack Hits Ukrainian Government, Banking Websites

Nation Reportedly Hit by DDoS Attacks Amid US Intel Warnings
Cyberattack Hits Ukrainian Government, Banking Websites
Ministry of Foreign Affairs of Ukraine (Photo: Enrico Strocchi via Flickr)

Editor's Update: Russia launched airstrikes at targets across Ukraine at about 5 a.m. Eastern European Time on Feb. 24, with Putin vowing to "demilitarize" Ukraine. Experts say Russia appears to be attempting a full military takeover of the country.

See Also: Gartner Guide for Digital Forensics and Incident Response

Just one week after the Ukrainian Ministry of Defense, which oversees the nation's military, suffered a distributed denial-of-service outage, reports have surfaced that government sites again have been pushed offline in a similar attack.

According to the Telegram channel of Mykhailo Fedorov, who heads Ukraine's Ministry of Digital Transformation, the attack - detected around 4 p.m. local time - also affected banks, which have not been named.

Affected websites include the Ukrainian Ministry of Foreign Affairs; the Cabinet of Ministers; and Verkhovna Rada, the country's parliament, according to an early report from CNBC. Officials have reportedly been working to reroute the mass traffic flooding the network and restore the sites.

Ongoing Tensions

Wednesday's DDoS outage across Ukrainian government sites follows a comparable campaign just last week - which left the site for Ukraine's Defense Ministry offline for a time (see: Report: Cyberattack Hits Ukrainian Defense Ministry, Banks). Several Ukrainian banking institutions were also reportedly swept into the attack, and local reports said ATMs were kicked offline as a result.

U.S. and U.K. officials subsequently attributed the activity to Russia's intelligence agency, the GRU.

The moves follow Russian President Vladimir Putin's mass mobilization of troops along Ukraine's eastern border. For months, the Russian leader has teased a full-scale invasion. Those rumors came to pass this week as Putin hailed pro-Russian separatist territories within Ukraine's eastern Donbas region. Media reports have pointed to a Russian military presence moving toward this area; Putin had called the efforts a "peacekeeping" mission.

The conflict is steeped in historical grievances and Ukraine's recent request to join the intergovernmental military alliance NATO. Putin demanded the Ukrainian official renounce the plans, and similarly demanded NATO remove its troops from Eastern Europe - terms that NATO has since rejected.

Amid rapid escalation this week - in which convoys were spotted in motion and NATO officials began to confirm their own robust military presence in the area - the U.S. sanctioned two sizable Russian banks, effectively excluding them from Western finance.

U.S. Secretary of State Antony Blinken confirmed that the Pentagon will be sending additional U.S. troops to NATO's eastern flank to deter Russian aggression. Blinken also said that the administration will sanction individual Russian oligarchs.

Foreign policy experts believed that the West's sanctions could prompt harsh retaliation from the Kremlin, with Moscow potentially carrying out crippling cyberattacks on Ukrainian infrastructure, or on the networks of those aiding the former Soviet state.

In response to Wednesday's cyberattacks, a White House official told NBC News that it considers "further incidents to be consistent with the type of activity Russia would carry out in a bid to destabilize Ukraine. We are in communication with Ukraine regarding their cyber-related needs, including as recently as today."

The West's Warnings

With fears of outright war growing, Western officials have moved to stay ahead of Moscow's cyber maneuvers.

Last week, officials at the U.S. Cybersecurity and Infrastructure Security Agency issued a "Shields Up" warning to U.S. organizations - to revert to basic cyber hygiene principles and ensure the utmost protection of networks and systems. CISA Director Jen Easterly urged security teams to patch known exploited vulnerabilities; identify unknown or mysterious network behavior, confirm that ports and protocols not essential for business purposes have been disabled, and monitor/isolate traffic from Ukrainian networks (see: CISA Warns Orgs to Prep for Potential Russian Cyberattacks).

The U.K.'s National Cyber Security Center on Tuesday issued a warning to British organizations to ensure proper defense over IT networks. British officials urged security teams to verify access controls, monitor key logs and antivirus logs, implement an incident response plan, orchestrate proper phishing defense, and more.

By Wednesday, U.S. intelligence had pointed to an imminent cyberattack - to the extent that Biden administration officials warned Ukrainian President Volodymyr Zelenskyy that the nation could experience a full invasion within 48 hours, according to Newsweek. And just hours before reports broke of the site outages across Ukraine, U.S. intelligence officials pointed to a destabilizing cyberattack that could enable future military operations.

Connectivity Returning?

NetBlocks, a watchdog agency that monitors cybersecurity activity, tweeted that connectivity was returning after the outage, adding that the internet server Eastnet had been primarily affected. It is not yet known what the extent of the damage has been or if the attacks will continue.


About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.

Devon Warren-Kachelein

Devon Warren-Kachelein

Former Staff Writer, ISMG

Warren-Kachelein began her information security journey as a multimedia journalist for SecureWorld, a Portland, Oregon-based cybersecurity events and media group. There she covered topics ranging from government policy to nation-states, as well as topics related to diversity and security awareness. She began her career reporting news for a Southern California-based paper called The Log and also contributed to tech media company Digital Trends.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.