Ukraine was hit by a major cyberattack on the night of Jan. 13-14, crashing many government websites, including the Ministry of Foreign Affairs, Ministry of Veterans Affairs, State Emergency Service, Cabinet of Ministers, Ministry of Energy, and the Ministry of Education and Science.
The website of Diia, Ukraine’s e-governance website and app which allows Ukrainians to access their digital documents like passports and driving licenses, was also down on the morning of Jan. 14. The message on the website said it was under maintenance. The Diia app worked normally.
The content of the sites was not changed, and no personal data was leaked, said the State Service for Special Communications and Information Protection of Ukraine in a statement.
By 9 a.m. on Jan. 14, the targeted websites were down, but initially hackers replaced their homepages with a threatening message addressed to Ukrainians.
According to screenshots shared in the media, threats in three languages – Ukrainian, Russian, and Polish – were published on some of the government's websites.
The message claimed that the personal data of Ukrainians was "uploaded to the web" and became public, a claim that couldn't be verified.
"Be scared and expect the worst,” the message reads.
The messages, accompanied with images like a crossed-out Ukrainian flag, implied that the attack was carried out by Russia or in Russia's interests.
The government hasn’t confirmed who is behind the attack.
“Our specialists have already started restoring the work of IT systems, and the cyberpolice has opened an investigation,” tweeted Oleg Nikolenko, the spokesperson of the Ministry of Foreign Affairs.
UPDATE: The attack affected around 70 websites of central and regional authorities, Deputy Head of the State Service for Special Communications and Information Protection Viktor Zhora said during a briefing on Jan. 14.
It was one of the worst cyberattacks against Ukraine in the last four years, he added.
The official also said the agency was first notified about the attack by “information resources of another country,” but refused to state which one. He also said the attack “can be linked to the fact of constant aggression (by Russia),” but specified that it is to early to assert Moscow’s involvement due to insufficient evidence.
CMS vulnerability used?
According to Kim Zetter, an American cybersecurity reporter and expert, hackers may have targeted the websites using a vulnerability in October – a content-management system allegedly used by Ukraine’s government agencies to manage its websites. If the software isn't updated on time, it becomes prone to cyber attacks.
October is a simple software, with “very little knowledge or skill required to exploit” it, according to the CVE Details, an open security vulnerability database. The database gives October a score of 6.4 out of 10 on the Common Vulnerability Scoring System, used to rate the severity of security risks of a computer system, with 10 being the critical vulnerability level.
The Computer Emergency Response Team of Ukraine said that it "can't be ruled out" that the hackers used the October CMS.
Ukraine, Russia and cyberattacks
Earlier, Britain and the United States have sent their cyberwarfare experts to Ukraine to help the country prepare for a major cyberattack from Moscow, the New York Times reported in Dec. of 2021, citing its sources.
The article said the Kremlin’s goal would be to make Ukraine’s president, Volodymyr Zelensky, “look inept and defenseless,” according to American intelligence assessments, “and perhaps provide an excuse for an invasion”. Russia has amassed over 120,000 troops near the borders of Ukraine.
“More than 90% of all attacks coming from abroad are related to Russia and hacking groups funded by the Russian government,” said Yuri Schigol, the head of State Service for Special Communications and Information Protection of Ukraine.
The agency also said it has stopped over 1.7 million cyber attacks on Ukraine’s government institutions in the first five months of 2021.
Russia has already carried out numerous massive cyber attacks against Ukraine in the past.
In 2015, Russian hackers targeted one of Ukraine’s energy companies, leaving around 230,000 Ukrainians in the dark for up to six hours. Next year, Russia similarly attacked Kyiv, causing power outages in large parts of the capital.
The hardest hit came in 2017, when ransomware “NotPetya” spread across Ukrainian ministries, banks, and energy firms. The virus later spread to the US, Denmark, and India, but Ukraine was targeted the most.