Ukraine Says ‘Massive’ Cyberattack Has Russian Fingerprints

KYIV, Ukraine — Ukrainian officials have said Russia is likely to blame for a massive cyberattack that struck multiple government websites in the early morning hours of Friday, Jan. 14.

“This is not the first time or even the second time that Ukrainian internet resources have been attacked by Russian military aggression,” the Ministry of Culture and Information Policy of Ukraine said in a Friday release. “The purpose of such attacks is to destabilize the internal situation in the country, as well as to sow chaos and despair in society.”

Oleg Nikolenko, spokesperson for the Ministry of Foreign Affairs of Ukraine, described the cyberattack as “massive” in a message posted to Twitter on Friday.

Russian preparations for an operation are steadily advancing. Support and logistics trickling in, formations with personnel sent from Eastern MD. The outlook, in my view, has grown worse. https://t.co/TZPxJm9kGG

— Michael Kofman (@KofmanMichael) January 13, 2022

Beginning 4 a.m. Friday, a barrage of cyberattacks temporarily disabled the websites of Ukraine’s Ministry of Foreign Affairs and several other government agencies. The hackers left behind messages warning Ukrainians to “be afraid and expect the worst.”

Other Ukrainian government websites targeted in Friday’s hack include: the State Emergency Service, the Ministry of Education, the Ministry of Sport, the Ministry of Energy, and the Ministry of Agrarian Policy. According to Ukraine’s information ministry, no personal data was compromised in the breach. Although an investigation is ongoing, Ukrainian officials say the available evidence suggests that Russia was behind the cyberattack.

As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down. Our specialists have already started restoring the work of IT systems, and the cyberpolice has opened an investigation.

— Oleg Nikolenko (@OlegNikolenko_) January 14, 2022

Friday’s cyberattacks come at a time of extraordinary tensions. More than 100,000 Russian troops are currently massed on Ukraine’s borders. And with more soldiers and equipment currently streaming in from Russia’s eastern regions, many experts warn that a major Russian offensive in the coming weeks is looking more likely.

While Friday’s cyberattack suggests an overall uptick in Russian scare tactics, cyberwarfare activities intended to support kinetic military operations will be far more punishing, said Richard Stiennon, chief research analyst at IT-Harvest, a US-based cybersecurity firm.

“Defacing government websites is more a tactic of intimidation,” Stiennon told Coffee or Die Magazine. “The actual precursor to an armed invasion will be cyberattacks against the power grid, communications systems, GPS sensors, and radar systems. Because these are acts of war, the warning will be short, less than a day.”

According to Kyiv, Friday’s cyberattack was linked to Russia’s recent military buildup on Ukraine’s border, as well as recent demands by Moscow that NATO make legal guarantees to never admit Ukraine as a member of the Western alliance.

During Friday’s breaches, the Ukrainian foreign affairs ministry website was replaced by a static screen of text in Russian, Ukrainian, and grammatically flawed Polish, referencing historical enmities between Ukraine and Poland.

“Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it,” the hackers wrote, adding: “This is for your past, present and future […] and for historical lands.”

Ukrainian officials said the hackers’ message was apparently intended to drive a wedge between Ukraine and its NATO partners — Poland, in particular.

“Russia and its proxies have been working for a long time to quarrel between two friendly neighbors,” Ukraine’s information ministry announced Friday. “After all, the past of Polish-Ukrainian relations is a sensitive topic.”

⚡️BREAKING: #Ukraine was hit by a massive cyber attack, with at least 6 gov. websites down.

Media says hackers left a message:

“All information about you became public, be scared and wait for the worst. This is for your past, present, and future… and for historical lands”. pic.twitter.com/bhjGR8oGmR

— Anastasiia Lapatina (@lapatina_) January 14, 2022

For its part, NATO immediately condemned Friday’s cyberattack and pledged tighter security cooperation with Ukraine.

“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform,” NATO Secretary General Jens Stoltenberg said Friday.

“NATO’s strong political and practical support for Ukraine will continue,” Stoltenberg said.

A series of meetings this week between Russian officials and representatives from the US, NATO, and the Organization for Security and Cooperation in Europe failed to defuse the current Ukraine border tensions. Should Russia strike Ukraine, many experts predict the operation would be a multidomain military offensive, involving air, ground, and naval forces — as well as cyberattacks and information warfare actions.

“I do not think anything in cyberspace could be decisive, but cyber operations are now an essential part of peacetime intelligence collection and kinetic military operations,” Kenneth Geers, a Cyber Statecraft Initiative senior fellow at the Atlantic Council, told Coffee or Die.

In 2014, Russia seized Ukraine’s Crimean Peninsula and launched an unconventional invasion of Ukraine’s eastern Donbas region. After nearly eight years, the war in the Donbas is ongoing along a static, entrenched front line.

Since 2014, Russia has effectively used Ukraine as a testing ground for its contemporary cyberwarfare tactics and technologies. Russia has combined the use of conventional military force with cyberattacks and propaganda, both on the battlefield and deep behind the front lines, to spread chaos and confusion.

As air power did after World War I, Russia’s cyberwar against Ukraine has redefined the boundaries of the modern battlefield. Over the years, Russian cyberattacks have hit Ukraine’s water supply systems, the country’s banking system (shutting down ATMs), its largest international airport, and the electoral process. In December 2016, a cyberattack, which Ukrainian officials attributed to Russia, took down one-fifth of Kyiv’s electrical grid.

Russia has also used cyberwarfare as a tactical tool on the battlefield.

During the 2015 battle for Debaltseve in eastern Ukraine, Russian military forces reportedly took over the surrounding cellular network with mobile jamming stations and sent threatening SMS messages to Ukrainian troops. Over the intervening years, Ukrainian soldiers at other locations — both on the Donbas front lines and near Crimea — have reported receiving similar text messages from their Russian adversaries.

Since 2014, Ukrainian security services have thwarted numerous cyberattacks in which malware from abroad was used in attempts to steal classified information from Ukrainian government networks. Since 2014 Ukraine has established a Situation Center for Cybersecurity, and Ukrainian officials have fostered closer ties to Western intelligence agencies.

“Both sides are vulnerable, and Russia will keep that in mind,” Geers said.

Read Next: ‘Emergency Suitcases’ and Mass Evacuation Plans: Ukraine Preps for Worst-Case Russian Attack