Ukraine Says ‘Massive’ Cyberattack Has Russian Fingerprints

January 14, 2022Nolan Peterson
Ukraine Russian cyberattack

Members of the Ukrainian Army’s 93rd Mechanized Brigade on operations in February 2021. Photo by Armed Forces of Ukraine.

KYIV, Ukraine — Ukrainian officials have said Russia is likely to blame for a massive cyberattack that struck multiple government websites in the early morning hours of Friday, Jan. 14.

“This is not the first time or even the second time that Ukrainian internet resources have been attacked by Russian military aggression,” the Ministry of Culture and Information Policy of Ukraine said in a Friday release. “The purpose of such attacks is to destabilize the internal situation in the country, as well as to sow chaos and despair in society.”

Oleg Nikolenko, spokesperson for the Ministry of Foreign Affairs of Ukraine, described the cyberattack as “massive” in a message posted to Twitter on Friday.

Beginning 4 a.m. Friday, a barrage of cyberattacks temporarily disabled the websites of Ukraine’s Ministry of Foreign Affairs and several other government agencies. The hackers left behind messages warning Ukrainians to “be afraid and expect the worst.”

Other Ukrainian government websites targeted in Friday’s hack include: the State Emergency Service, the Ministry of Education, the Ministry of Sport, the Ministry of Energy, and the Ministry of Agrarian Policy. According to Ukraine’s information ministry, no personal data was compromised in the breach. Although an investigation is ongoing, Ukrainian officials say the available evidence suggests that Russia was behind the cyberattack.

Friday’s cyberattacks come at a time of extraordinary tensions. More than 100,000 Russian troops are currently massed on Ukraine’s borders. And with more soldiers and equipment currently streaming in from Russia’s eastern regions, many experts warn that a major Russian offensive in the coming weeks is looking more likely.

While Friday’s cyberattack suggests an overall uptick in Russian scare tactics, cyberwarfare activities intended to support kinetic military operations will be far more punishing, said Richard Stiennon, chief research analyst at IT-Harvest, a US-based cybersecurity firm.

“Defacing government websites is more a tactic of intimidation,” Stiennon told Coffee or Die Magazine. “The actual precursor to an armed invasion will be cyberattacks against the power grid, communications systems, GPS sensors, and radar systems. Because these are acts of war, the warning will be short, less than a day.”

According to Kyiv, Friday’s cyberattack was linked to Russia’s recent military buildup on Ukraine’s border, as well as recent demands by Moscow that NATO make legal guarantees to never admit Ukraine as a member of the Western alliance.

Ukraine soldiers
Ukrainian military forces return from the Donbas front lines in August 2014. Photo by Nolan Peterson.

During Friday’s breaches, the Ukrainian foreign affairs ministry website was replaced by a static screen of text in Russian, Ukrainian, and grammatically flawed Polish, referencing historical enmities between Ukraine and Poland.

“Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it,” the hackers wrote, adding: “This is for your past, present and future […] and for historical lands.”

Ukrainian officials said the hackers’ message was apparently intended to drive a wedge between Ukraine and its NATO partners — Poland, in particular.

“Russia and its proxies have been working for a long time to quarrel between two friendly neighbors,” Ukraine’s information ministry announced Friday. “After all, the past of Polish-Ukrainian relations is a sensitive topic.”

For its part, NATO immediately condemned Friday’s cyberattack and pledged tighter security cooperation with Ukraine.

“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform,” NATO Secretary General Jens Stoltenberg said Friday.

“NATO’s strong political and practical support for Ukraine will continue,” Stoltenberg said.

A series of meetings this week between Russian officials and representatives from the US, NATO, and the Organization for Security and Cooperation in Europe failed to defuse the current Ukraine border tensions. Should Russia strike Ukraine, many experts predict the operation would be a multidomain military offensive, involving air, ground, and naval forces — as well as cyberattacks and information warfare actions.

“I do not think anything in cyberspace could be decisive, but cyber operations are now an essential part of peacetime intelligence collection and kinetic military operations,” Kenneth Geers, a Cyber Statecraft Initiative senior fellow at the Atlantic Council, told Coffee or Die.

Russian cyberattack warning
A screenshot of the Ukraine Ministry of Foreign Affairs Website early Friday, Jan. 14, 2022, with a message in Russian, Ukrainian, and Polish.

In 2014, Russia seized Ukraine’s Crimean Peninsula and launched an unconventional invasion of Ukraine’s eastern Donbas region. After nearly eight years, the war in the Donbas is ongoing along a static, entrenched front line.

Since 2014, Russia has effectively used Ukraine as a testing ground for its contemporary cyberwarfare tactics and technologies. Russia has combined the use of conventional military force with cyberattacks and propaganda, both on the battlefield and deep behind the front lines, to spread chaos and confusion.

As air power did after World War I, Russia’s cyberwar against Ukraine has redefined the boundaries of the modern battlefield. Over the years, Russian cyberattacks have hit Ukraine’s water supply systems, the country’s banking system (shutting down ATMs), its largest international airport, and the electoral process. In December 2016, a cyberattack, which Ukrainian officials attributed to Russia, took down one-fifth of Kyiv’s electrical grid.

Ukraine winter warfare
A Ukrainian tank operating in the country’s severe winter conditions in December 2018. Photo by Ministry of Defense of Ukraine.

Russia has also used cyberwarfare as a tactical tool on the battlefield.

During the 2015 battle for Debaltseve in eastern Ukraine, Russian military forces reportedly took over the surrounding cellular network with mobile jamming stations and sent threatening SMS messages to Ukrainian troops. Over the intervening years, Ukrainian soldiers at other locations — both on the Donbas front lines and near Crimea — have reported receiving similar text messages from their Russian adversaries.

Since 2014, Ukrainian security services have thwarted numerous cyberattacks in which malware from abroad was used in attempts to steal classified information from Ukrainian government networks. Since 2014 Ukraine has established a Situation Center for Cybersecurity, and Ukrainian officials have fostered closer ties to Western intelligence agencies.

“Both sides are vulnerable, and Russia will keep that in mind,” Geers said.

Read Next: ‘Emergency Suitcases’ and Mass Evacuation Plans: Ukraine Preps for Worst-Case Russian Attack

Nolan Peterson
Nolan Peterson
Nolan Peterson is a senior editor for Coffee or Die Magazine and the author of Why Soldiers Miss War. A former US Air Force special operations pilot and a veteran of the wars in Afghanistan and Iraq, Nolan is now a conflict journalist and author whose adventures have taken him to all seven continents. In addition to his memoirs, Nolan has published two fiction collections. He lives in Kyiv, Ukraine, with his wife, Lilya.
More from Coffee or Die Magazine
How the Bazooka Gained Infamy as a Tank-Buster

Named after a musical instrument, the Bazooka proved to be a highly effective weapon for American troops, including one maverick pilot, throughout multiple wars.

Secretary of the Air Force Frank Kendall (center) delivers testimony during a House Appropriations Committee hearing in the Capitol Building, Washington, D.C.
Home to Glenn, Armstrong, Wrights Perfect Spot for Space Command HQ, Ohio Lawmakers Say

Ohio lawmakers pitch their state as the new location for Space Command headquarters.

Soflete: How This Veteran-Led Company is Changing Military Fitness Culture

In 2014, Soflete’s co-founders saw workout overkill hurting their peers as they prepared for selecti...

glock 19
Glock 19: Origin Story of a Legendary Pistol

Get to know the Glock 19 — how it works, who uses it, and why it’s one of the most popular handguns in the US.

afghan soldier asylum
Afghan Soldier Who Helped US Weathers Injuries, Uncertainty in Asylum Bid

Afghan soldier who assisted the U.S. now faces uncertainty in bid for asylum.

The Dirty Dozen
‘The Dirty Dozen’: Meet D-Day’s Real Rogue Commandos

The Dirty Dozen was based on a real team of rule-breaking elite paratroopers who jumped into France ahead of D-Day.

d-day 79th anniversary
Normandy Marks D-Day's 79th Anniversary, Honors World War II Veterans

This year's D-Day tribute to the young soldiers who died in Normandy is not only a chance to honor t...

  • About Us
  • Privacy Policy
  • Careers
Contact Us
  • Request a Correction
  • Write for Us
  • General Inquiries
© 2023 Coffee or Die Magazine. All Rights Reserved