Ukraine’s government says that it has restored services to governmental websites that were subject to a cyberattack earlier on Friday. Multiple governmental websites were defaced with messages telling users to “be afraid and expect the worst”, in what a spokesperson for Ukraine’s Foreign Ministry called a “massive” cyberattack.
Ukraine’s cyber police has stated that around 70 websites including those of the government’s cabinet, education ministry and foreign ministry were attacked, with 10 suffering from “intrusions”. However, the contents of the sites attacked were not altered, and no leaks of personal data have been found. Ukrainian police say that a “supply chain attack” was “very likely”, where the attackers gained access to the network of a commercial company that had administrator rights to the affected websites.
While a Foreign Ministry spokesperson stated to Sky News that it was “too early to draw conclusions”, they noted that there was “a long record of Russian assaults against Ukraine”. Ukraine’s State Security Service, which is jointly investigating the cyberattack, has stated that there are “some signs of involvement” by hacker groups associated with Russian intelligence services.
A message on the defaced websites in Ukrainian, Russian and Polish told visitors to the affected sites:
“Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it.
All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”
The message went on to repeat Russian accusations that Kyiv was subservient to far-right ultranationalist groups, something denied repeatedly by Kyiv since 2014.
The cyberattack was condemned by NATO Secretary-General Jens Stoltenberg, who stated that NATO cyber experts in Brussels were exchanging information with their Ukrainian counterparts on the cyberattacks, in addition to support “on the ground” by experts from NATO allies. He added that Ukraine would be given access to NATO’s malware information sharing platform “in the coming days”, as part of an agreement on enhanced cyber cooperation between NATO and Ukraine.
Josep Borrell, the European Union’s top diplomat, stated that the EU has called an emergency meeting to see how it can react and provide technical assistance to Ukraine, noting that he had asked member states to mobilize resources for cyberattack response even if Ukraine was not an EU member. While he said that he had no proof to attribute the attack with, he added that “we can imagine” who was responsible.
The cyberattacks came shortly after the end of a series of talks between Russia and the United States on a variety of issues on Thursday. Following an inconclusive end to the meetings on Thursday, American and Ukrainian intelligence officials have since warned that Russia is preparing for a false flag attack to justify a larger incursion into Ukraine.
Cyberattacks have previously been used by Russia as part of the War in Donbass, with a December 2015 hack of Ukraine’s power grid temporarily disabling electricity to 230,000 consumers. Similarly, the 2017 NotPetya cyberattack initially targeted Ukrainian computer systems before spreading internationally, with Washington subsequently accusing Russian military intelligence of responsibility for what it described as the “most destructive and costly cyber-attack in history”.