Breach Notification , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Report: Cyberattack Hits Ukrainian Defense Ministry, Banks

Government Sites, Some Banking Systems Inaccessible in Apparent Cyber Incident
Report: Cyberattack Hits Ukrainian Defense Ministry, Banks
Ukrainian flag in an image courtesy of oleg mit via Pixabay

Stay tuned for updates on this developing story.

See Also: Gartner Market Guide for DFIR Retainer Services

Following what appeared to be mild escalation of the Russia-Ukraine conflict over the weekend, in which top U.S. diplomats warned that Russia could invade the former Soviet state as soon as this week, reports have now surfaced that Ukraine's defense ministry and two banks, Privatbank and Oschadbank, have fallen victim to an apparent cyberattack.

According to Reuters, the website for Ukraine's defense ministry, which oversees and supports the Armed Forces of Ukraine, went dark on Tuesday. At the time of publication, the site returned an error message.

The Ukrainian Center for Strategic Communications and Information Security, which falls under the Ministry of Culture and Information Policy, has not attributed the attack, including to Russian threat actors, although the Kremlin has amassed some 100,000 troops along the country's eastern border.

Ukraine's cybersecurity center has hinted that Russia may be a potential culprit, according to Reuters. In a statement, officials reportedly said: "It is not ruled out that the aggressor used tactics of little dirty tricks because its aggressive plans are not working out on a large scale."

In January, multiple Ukrainian websites were defaced with dire warnings and propaganda; language included "be afraid and expect the worst." Ukraine's state security service, the SBU, has said it believes the activity was linked to Russian intelligence services.

And for weeks, many security and foreign policy experts have said they believe that Russia may launch a broader cyberattack that would precede any kinetic strike, ultimately to enable or deepen military operations.

Multiple media reports and social media posts say Ukrainian officials are attempting to restore access on affected sites.

Oschadbank, which has reportedly confirmed the cyberattack, said its systems were slowed, while Ukraine's cybersecurity center reportedly stated that Privatbank's payments and app were affected, Reuters reports.

Air, Land, Sea ... and Cyber

Commenting on the developments, Tim Wade, a former network and security technical manager with the U.S. Air Force, says: "Are these attacks part of nation-state aggression? Or criminal opportunists exploiting a tense situation? Or just entirely coincidental?"

Wade, currently technical director of the CTO Team at the firm Vectra AI, says it isn't difficult to draw a "clear line of sight to the importance of cyber resilience as it relates to critical services and infrastructure."

And according to Daron Hartvigsen, former special agent in charge of the Air Force Office of Special Investigations and current managing director of the advisory firm StoneTurn, "Russia is likely to continue to 'harass' Ukraine on the ground, in the air and at sea, as they seek to blunt any early-warning sensing; continued activity in cyberspace is likely just another extension of that strategy."

An error message returned on the Ukrainian defense ministry's site on Tuesday

Russian Activity

Amid the recent troop buildup, Russian President Vladimir Putin has worked to bar Ukraine from joining NATO, the intergovernmental military alliance.

Some foreign policy experts contend that Russia views Ukraine as part of its sphere of influence and point to its annexation of the Crimean Peninsula in southern Ukraine in 2014.

The prospect of Western intervention in the conflict prompted the U.S. Department of Homeland Security to issue a bulletin last month, warning of potential cyberattacks on U.S. infrastructure (see: Report: DHS Fears Russian Cyberattack If US Acts on Ukraine).

Officials said they believed that if the U.S. responds to the tensions between the Kremlin and Ukraine's government, which is led by President Volodymyr Zelenskyy, the Russian government or its proxies could initiate a cyberattack. DHS warned that Russia can employ a "range of offensive cyber tools" against U.S. networks, including "a low-level denial of service attack" or a "destructive" attack on critical infrastructure.

Last week, the European Central Bank, the central bank of the 19 European Union countries that use the euro, also reportedly warned against potential Russian cyberattacks on European banks (see: Report: European Central Bank Warns Against Russian Hacking).

Then on Friday, the U.S. Cybersecurity and Infrastructure Security Agency issued a "Shields Up" alert to U.S. organizations to protect against potential Russian cyberattacks.

CISA said: "The Russian government has used cyber as a key component of their force projection over the last decade. ... The Russian government understands that disabling or destroying critical infrastructure - including power and communications - can augment pressure on a country's government, military and population and accelerate their acceding to Russian objectives."

In response, the United States' operational cyber agency said it is working with critical infrastructure partners to "ensure awareness of potential threats."

And on Tuesday, U.S. President Joe Biden briefed the nation on the ongoing conflict, saying: "We're not seeking direct confrontation with Russia. But I've been clear, if Russia targets Americans in Ukraine, we will respond forcefully. And if Russia attacks the United States or our allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we're prepared to respond - and in lockstep with our NATO allies and partners, to deepen our collective defense against threats in cyberspace."

Potential De-Escalation?

News of the ongoing Ukrainian cyberattack comes amid conflicting reports that Russia indeed intends to remove some troops from the Ukrainian border, according to the BBC. Security officials have long warned, however, that disinformation campaigns are a staple of Moscow's tactics.

According to additional BBC reporting, Putin indicated that he does not want war in Europe. And while Western leaders say they do not see signs of immediate de-escalation, Putin reportedly denied invasion plans after meeting with German Chancellor Olaf Scholz on Tuesday.

The same report states that Putin said NATO has thus far failed to address his security concerns surrounding Ukraine and that Germany's Scholz reportedly told the Russian leader that the troop buildup was "incomprehensible."

British Prime Minister Boris Johnson on Tuesday tweeted that there are "signs of a diplomatic opening with Russia," but that the intelligence he has seen "is not encouraging."

Johnson said, "We maintain that diplomacy and de-escalation is the only way forward."

'Measures Designed to Fool Us'

In a new blog post outlining general cybersecurity concerns around the geopolitical standstill, Sandra Joyce, executive vice president and head of Mandiant's threat intelligence team, writes: "Concerns are reasonable and valid; Russia has a well-established history of aggressively using their considerable cyber capabilities in Ukraine and abroad. We are concerned that as the situation escalates, serious cyber events will not merely affect Ukraine. But while we are warning our customers to prepare themselves and their operations, we are confident that we can weather these cyberattacks. We should prepare, but not panic because our perceptions are also the target."

Joyce says that while Russia is not likely to engage the West in combat, its cyber tools give it the means to aggressively compete with others without risking open armed conflict.

Many of the same steps defenders take to harden their networks against ransomware crime can also prepare them for an attack in this case, she says, adding this warning: "Within the context of this crisis, we will have to be careful consumers of information; suspicious to the possibility of active measures designed to fool us."

+++

Update - Feb. 15, 3:45 p.m. EST: This story has been updated to include remarks from President Joe Biden.


About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.