Three years of reporting, funded by our readers — become a member now and help us prepare for 2025.
Goal: 1,000 new members for our birthday. Gift a membership to your friend and help us prepare for what 2025 might bring.
Become a member Gift membership
Skip to content
Edit post

Ukraine: Evidence implies Russia behind cyberattack on government websites

by Alexander Query January 16, 2022 8:29 PM 3 min read
The threatening message in Ukrainian, Russian, and Polish that appeared on the government websites targeted by a cyberattack on the night of Jan. 13-14. Russia is likely behind the cyberattack, the Ministry of Digital Transformation said on Jan. 16.
This audio is created with AI assistance

The Ministry of Digital Transformation pointed the finger at Russia on Jan. 16, accusing it of being responsible for the massive cyberattack that crashed many government’s websites on the night of Jan. 13-14.

“As of now, we can say that all the evidence points to the fact that Russia is behind the cyberattack,” the ministry said in its press release.

The attackers appeared to make it seem like the attack originated from Poland. They put up a threatening message in Ukrainian, Russian, and Polish, that referenced certain conflicting points in the history of Ukraine and Poland from the early 20th century.

Speakers of Polish promptly pointed out that the Polish part of the message had mistakes and likely wasn't written by a native speaker of the language.

The fact that the attack came amid the ongoing threat of military escalation from Russia led many to attribute it to Russian hackers even before Ukraine's Ministry of Digital Transformation said that evidence points at Russia's involvement.

Meanwhile, Microsoft released a report, warning of the presence of dangerous malware on dozens of Ukrainian government computers. The company said the malware was first detected the day before the attack, and had been launched from Ukraine.

“On Jan. 13, Microsoft identified intrusion activity originating from Ukraine that appeared to be possible Master Boot Records (MBR) Wiper activity,” Microsoft’s investigation shows.

A Master Boot Records (MBR) Wiper is a malware program preventing the system behind the websites from functioning properly, "intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom," according to Microsoft.

“During our investigation, we found a unique malware capability being used in intrusion attacks against multiple victim organizations in Ukraine.”

The cyberattack was one of the worst cyberattacks against Ukraine in the last four years, Deputy Head of the State Service for Special Communications and Information Protection Viktor Zhora said during a briefing on Jan. 14.

Among the targeted websites were the Ministry of Foreign Affairs, Ministry of Veterans Affairs, State Emergency Service, Cabinet of Ministers, Ministry of Energy, and the Ministry of Education and Science.

The website of Diia, Ukraine’s e-governance platform that allows Ukrainians to access their digital documents like passports and driving licenses, was also down on the morning of Jan. 14. The message on the website said it was under maintenance. The Diia app worked normally.

Initially, hackers replaced their homepages with a threatening message addressed to Ukrainians, claiming that their private data was “uploaded to the web” and became public, a claim that couldn’t be verified, and was later denied by the government.

Earlier, Britain and the United States have sent their cyberwarfare experts to Ukraine to help the country prepare for a major cyberattack from Moscow, the New York Times reported in Dec. of 2021, citing its sources.

The article said the Kremlin’s goal would be to make Ukraine’s president, Volodymyr Zelensky, “look inept and defenseless,” according to American intelligence assessments, “and perhaps provide an excuse for an invasion”. Russia has amassed over 120,000 troops near the borders of Ukraine.

The State Service for Special Communications and Information Protection of Ukraine said it has stopped over 1.7 million cyber attacks on Ukraine’s government institutions in the first five months of 2021.

Russia has already carried out numerous massive cyber attacks against Ukraine in the past.

In 2015, Russian hackers targeted one of Ukraine’s energy companies, leaving around 230,000 Ukrainians in the dark for up to six hours. The following year,  Russia similarly attacked Kyiv, causing power outages in large parts of the capital.

The hardest hit came in 2017, when ransomware “NotPetya” spread across Ukrainian ministries, banks, and energy firms. The virus later spread to the US, Denmark, and India, but Ukraine was targeted the most.

Three years of reporting, funded by our readers.
Millions read the Kyiv Independent, but only one in 10,000 readers makes a financial contribution. Thanks to our community we've been able to keep our reporting free and accessible to everyone. For our third birthday, we're looking for 1,000 new members to help fund our mission and to help us prepare for what 2025 might bring.
Three years. Millions of readers. All thanks to 12,000 supporters.
It’s thanks to readers like you that we can celebrate another birthday this November. We’re looking for another 1,000 members to help fund our mission, keep our journalism accessible for all, and prepare for whatever 2025 might bring. Consider gifting a membership today or help us spread the word.
Help us get 1,000 new members!
Become a member Gift membership
visa masterCard americanExpress

News Feed

1:40 PM

Merkel describes Trump as 'fascinated by Putin' in her memoir.

"(Donald Trump) saw everything from the point of view of a property developer, which is what he was before he came into politics. Every plot of land could only be sold once, and if he didn't get it, someone else would," Angela Merkel says in her memoir.
11:54 PM

Biden seeks to cancel over $4.5 billion of Ukraine's debt.

"We have taken the step that was outlined in the law to cancel those loans, provide that economic assistance to Ukraine, and now Congress is welcome to take it up if they wish," U.S. State Department spokesperson Matthew Miller said on Nov. 20.
MORE NEWS

Editors' Picks

Enter your email to subscribe
Please, enter correct email address
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Subscribe
* indicates required

Subscribe

* indicates required
Subscribe
* indicates required
Subscribe
* indicates required
Explaining Ukraine with Kate Tsurkan
* indicates required
Successfuly subscribed
Thank you for signing up for this newsletter. We’ve sent you a confirmation email.