Hackers Bring Down Government Sites in Ukraine

“Be afraid,” warned a message on the defaced Foreign Ministry website, a day after talks between the West and Moscow aimed at preventing a Russian invasion hit an impasse.,

“Be afraid,” warned a message on the defaced Foreign Ministry website, a day after talks between the West and Moscow aimed at preventing a Russian invasion hit an impasse.

KYIV, Ukraine — Hackers brought down several Ukrainian government websites on Friday, posting a message on the site of the Foreign Ministry saying, “Be afraid and expect the worst.” It was the latest in a long line of cyberattacks targeting the country amid its conflict with Russia.

The attack on Friday was ominous for its timing, coming a day after the apparent breakdown of diplomatic talks between Russia and the West intended to forestall a threatened Russian invasion of Ukraine. The message appeared in Ukrainian, Russian and Polish on the foreign ministry website.

“As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” the ministry said in a statement.

Diplomats and analysts have been anticipating a cyberattack on Ukraine, but proving such actions is notoriously difficult. Ukraine did not directly blame Russia for the attack, but pointedly noted that there was a long record of Russian online assaults against Ukraine.

The move to post the message on the foreign ministry site in three languages seemed to be an effort to obfuscate the origins of the hackers and their motives, and shift blame and suspicion elsewhere.

“Ukrainians! All your personal data was uploaded to the internet,” the message read. “All data on the computer is being destroyed. All information about you became public. Be afraid and expect the worst.” It also raised a number of historical grievances between Poland and Ukraine.

The attack came within hours of the conclusion of talks this week between Russia and the United States and NATO in Europe that were intended to find a diplomatic resolution after Russia massed tens of thousands of troops near the border with Ukraine. Moscow has demanded sweeping security concessions, including a promise not to accept Ukraine into the NATO alliance.

On Thursday, Russian officials said the talks had not yielded results, and one senior diplomat said they were approaching “a dead end.”

Russia’s deputy foreign minister, Sergei A. Ryabkov, said after the last round of talks on Thursday that, “the United States and its allies are actually saying ‘no’ to key elements of these texts,” referring to two draft treaties on security issues that Russia had proposed to NATO and the United States. “This is what we call a dead end or a different approach,” Mr. Ryabkov said.

Ukrainian government websites began crashing a few hours later, according to the Ukrainian Foreign Ministry, which said the cyberattack occurred overnight from Thursday to Friday.

By morning, the hack had crippled much of the government’s public-facing digital infrastructure, including the most widely used site for handling government services online, Diia. The smartphone app version of the program was still operating, the Ukrainska Pravda newspaper reported. Diia also has a role in Ukraine’s coronavirus response and in encouraging vaccination.

Image

Russian soldiers near the border with Ukraine on Wednesday. The hack came after talks aimed at resolving the Ukraine-Russia situation ended.Credit…Sergey Pivovarov/Reuters

The attack crippled the sites of the Cabinet of Ministers, and the ministries of energy, sports, agriculture, veterans’ affairs, and ecology, along with many other government websites. The websites of the president and the defense ministry remained online.

A Ukrainian government agency, the Center for Strategic Communications and Information Security, which was established to counter Russian disinformation, issued a statement more directly blaming Russia for the hack than the foreign ministry had earlier in the day.

“We have not seen such a significant attack on government organizations in some time,” it said. “We suggest the current attack is tied to the recent failure of Russian negotiations on Ukraine’s future in NATO.”

The statement noted a resumption in recent days of Russian military exercises near the Ukrainian border and said, “the hacking activity targeting state bodies could be a part of this psychological attack on Ukrainians.”

Often, untangling the digital threads of such cyberoperations can takes days or weeks, which is one of the appeals of their use in modern conflicts. Sophisticated cybertools have turned up in standoffs between Israel and Iran, and the United States blamed Russia for using hacking to influence the 2016 election in the United States to benefit Donald J. Trump.

Understand the Escalating Tensions Over Ukraine

Card 1 of 5

A brewing conflict. Antagonism between Ukraine and Russia has been simmering since 2014, when the Russian military crossed into Ukrainian territory, annexing Crimea and whipping up a rebellion in the east. A tenuous cease-fire was reached in 2015, but peace has been elusive.

A spike in hostilities. Russia has recently been building up forces near its border with Ukraine, and the Kremlin’s rhetoric toward its neighbor has hardened. Concern grew in late October, when Ukraine used an armed drone to attack a howitzer operated by Russian-backed separatists.

Ominous warnings. Russia called the strike a destabilizing act that violated the cease-fire agreement, raising fears of a new intervention in Ukraine that could draw the United States and Europe into a new phase of the conflict.

The Kremlin’s position. President Vladimir V. Putin of Russia, who has increasingly portrayed NATO’s eastward expansion as an existential threat to his country, said that Moscow’s military buildup was a response to Ukraine’s deepening partnership with the alliance.

Rising tension. Western countries have tried to maintain a dialogue with Moscow. But administration officials recently warned that the U.S. could throw its weight behind a Ukrainian insurgency should Russia invade.

Ukraine has long been viewed as a testing ground for Russian online operations, a sort of free-fire zone for cyberweaponry in a country already entangled in a real world shooting war with Russian-backed separatists in two eastern provinces. The U.S. government has traced some of the most drastic cyberattacks of the past decade to Russian actions in Ukraine.

Tactics seen first in Ukraine have later popped up elsewhere. A Russian military spyware strain called X-Agent or Sofacy that Ukrainian cyber experts say was used to hack Ukraine’s Central Election Commission during a 2014 presidential election, for example, was later found in the server of the Democratic National Committee in the United States after the electoral hacking attacks in 2016.

Other types of malware like BlackEnergy, Industroyer and KillDisk, intended to sabotage computers used to control industrial processes, shut down electrical substations in Ukraine in 2015 and 2016, causing blackouts, including in the capital, Kyiv.

The next year, a cyberattack targeting Ukrainian businesses and government agencies that spread, perhaps inadvertently, around the world in what Wired magazine later called “the most devastating cyberattack in history.” The malware, known as NotPetya, had targeted a type of Ukrainian tax preparation software but apparently spun out of control, according to experts.

The attack initially seemed narrowly focused on the conflict between Ukraine and Russia. It coincided with the assassination of a Ukrainian military intelligence officer in a car bombing in Kyiv and the start of an E.U. policy granting Ukrainians visa-free travel, an example of the type of integration with the West that Russia has opposed.

But NotPetya spread around the world, with devastating results, illustrating the risks of collateral damage from military cyberattacks for people and businesses whose lives are increasingly conducted online, even if they live far from conflict zones. Russian companies, too, suffered when the malware started to circulate in Russia.

A U.S. grand jury in Pittsburgh in 2020 indicted six Russian military intelligence officers for the electrical grid shutdowns and the NotPetya attack, in a court filing showing the costs of releasing military grade malware onto the open internet.

The indictment cited three American companies — a FedEx subsidiary; Heritage Valley Health System, a Pennsylvania-based hospital group; and an unidentified pharmaceutical company — that together suffered nearly $1 billion in damages from computers scrambled by the Russian cyberweapon initially directed at Ukraine. The total global cost is thought to be far higher

Maria Varenikova contributed reporting.

Leave a Reply