
Ukraine: Evidence implies Russia behind cyberattack on government websites

January 16, 2022 8:29 pm by Alexander Query
The threatening message in Ukrainian, Russian, and Polish that appeared on the government websites targeted by a cyberattack on the night of Jan. 13-14. Russia is likely behind the cyberattack, the Ministry of Digital Transformation said on Jan. 16.

The Ministry of Digital Transformation pointed the finger at Russia on Jan. 16, accusing it of being responsible for the massive cyberattack that crashed many government websites on the night of Jan. 13-14.

“As of now, we can say that all the evidence points to the fact that Russia is behind the cyberattack,” the ministry said in its press release.

The attackers appeared to make it seem like the attack originated from Poland. They put up a threatening message in Ukrainian, Russian, and Polish, that referenced certain conflicting points in the history of Ukraine and Poland from the early 20th century.

Speakers of Polish promptly pointed out that the Polish part of the message had mistakes and likely wasn't written by a native speaker of the language.

The fact that the attack came amid the ongoing threat of military escalation from Russia led many to attribute it to Russian hackers even before Ukraine's Ministry of Digital Transformation said that evidence points at Russia's involvement.

Meanwhile, Microsoft released a report, warning of the presence of dangerous malware on dozens of Ukrainian government computers. The company said the malware was first detected the day before the attack, and had been launched from Ukraine.

“On Jan. 13, Microsoft identified intrusion activity originating from Ukraine that appeared to be possible Master Boot Records (MBR) Wiper activity,” Microsoft’s investigation shows.

A Master Boot Record (MBR) wiper is a malware program that prevents the system behind the websites from functioning properly, "intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom," according to Microsoft.

“During our investigation, we found a unique malware capability being used in intrusion attacks against multiple victim organizations in Ukraine.”

The cyberattack was one of the worst cyberattacks against Ukraine in the last four years, Deputy Head of the State Service for Special Communications and Information Protection Viktor Zhora said during a briefing on Jan. 14.

Among the targeted websites were the Ministry of Foreign Affairs, Ministry of Veterans Affairs, State Emergency Service, Cabinet of Ministers, Ministry of Energy, and the Ministry of Education and Science.

The website of Diia, Ukraine’s e-governance platform that allows Ukrainians to access their digital documents like passports and driving licenses, was also down on the morning of Jan. 14. The message on the website said it was under maintenance. The Diia app worked normally.

Initially, hackers replaced their homepages with a threatening message addressed to Ukrainians, claiming that their private data was “uploaded to the web” and became public, a claim that couldn’t be verified, and was later denied by the government.

Earlier, Britain and the United States sent their cyberwarfare experts to Ukraine to help the country prepare for a major cyberattack from Moscow, the New York Times reported in December 2021, citing its sources.

The article said the Kremlin’s goal would be to make Ukraine’s president, Volodymyr Zelensky, “look inept and defenseless,” according to American intelligence assessments, “and perhaps provide an excuse for an invasion”. Russia has amassed over 120,000 troops near the borders of Ukraine.

The State Service for Special Communications and Information Protection of Ukraine said it has stopped over 1.7 million cyber attacks on Ukraine’s government institutions in the first five months of 2021. 

Russia has already carried out numerous massive cyber attacks against Ukraine in the past.

In 2015, Russian hackers targeted one of Ukraine’s energy companies, leaving around 230,000 Ukrainians in the dark for up to six hours. The following year, Russia similarly attacked Kyiv, causing power outages in large parts of the capital.

The hardest hit came in 2017, when ransomware “NotPetya” spread across Ukrainian ministries, banks, and energy firms. The virus later spread to the US, Denmark, and India, but Ukraine was targeted the most. 

Author: Alexander Query

Alexander Query is a business reporter at the Kyiv Independent. He is the former business editor at the Kyiv Post. He worked as a TV correspondent and an anchorman at UATV in Ukraine, and received a BA in modern literature from La Sorbonne, in Paris.
