Cyberattack in Ukraine targets government websites

KYIV – A cyberattack near a fig of Ukrainian authorities websites temporarily unavailable Friday, officials said.

While it wasn't instantly wide who was responsible, the disruption came amid heightened tensions with Russia and aft talks betwixt Moscow and the West failed to output immoderate important advancement this week.

Ukrainian Foreign Ministry spokesperson Oleg Nikolenko told The Associated Press it was excessively soon to accidental who was down it, "but determination is simply a agelong grounds of Russian cyber assaults against Ukraine successful the past.”

Moscow had antecedently denied engagement successful cyberattacks against Ukraine.

About 70 websites of some nationalist and determination authorities bodies were targeted successful the onslaught but nary captious infrastructure was affected and nary idiosyncratic information accessed, according to Victor Zhora, lawman seat of the State Service of Special Communication and Information Protection.

The hack amounted to a elemental defacement of authorities websites, said Oleh Derevianko, a starring backstage assemblage adept and laminitis of the ISSP cybersecurity firm. The hackers got into a contented absorption strategy they each use, but “didn’t get entree to the websites themselves.”

Ad

The main question, said Derevianko, is whether this is simply a standalone hacktivist enactment — “patriotic” Russian freelancers — oregon portion of a larger state-backed operation.

A connection posted by the hackers successful Russian, Ukrainian and Polish claimed Ukrainians’ idiosyncratic information was placed online and destroyed. It told Ukrainians to “be acrophobic and expect the worst.” In response, Poland's authorities issued a connection noting that Russia has a past of specified disinformation campaigns and that the Polish successful the connection was intelligibly not from a autochthonal speaker.

Tensions betwixt Ukraine and Russia person been moving precocious successful caller months aft Moscow amassed an estimated 100,000 troops adjacent Ukraine's border.

NATO Secretary-General Jens Stoltenberg said Friday that the confederation volition proceed to supply “strong governmental and applicable support” to Ukraine successful airy of the cyberattacks.

“In the coming days, NATO and Ukraine volition motion an statement connected enhanced cyber cooperation,” Stoltenberg said successful a statement.

Ad

Russia has a agelong past of cyberattacks against Ukraine, including astir thwarting its 2014 nationalist elections and concisely crippling parts of its powerfulness grid during the winters of 2015 and 2016. In 2017, Russia unleashed 1 of astir damaging cyberattacks connected grounds with the NotPetya microorganism that targeted Ukrainian businesses and caused much than $10 cardinal successful harm globally.

Ukrainian cybersecurity professionals person been fortifying the defenses of captious infrastructure ever since. Zhora has told the AP that officials are peculiarly acrophobic astir Russian attacks connected the powerfulness grid, obstruction web and cardinal bank.

Experts person said precocious that the menace of different specified cyberattack is important arsenic it would springiness Russian President Vladimir Putin the quality to destabilize Ukraine and different ex-Soviet countries that privation to articulation NATO without having to perpetrate troops.

“If you’re trying to usage it arsenic a signifier and a deterrent to halt radical from moving guardant with NATO information oregon different things, cyber is perfect,” Tim Conway, a cybersecurity teacher astatine the SANS Institute, told the AP successful an interrogation past week.

Ad

Conway was successful Ukraine past period conducting a simulated cyberattack connected the country’s vigor sector. The U.S. has been helping Ukraine bolster its cyber defenses done agencies including the Department of Energy and USAID.

The White House didn't instantly respond to a petition seeking comment.

In a abstracted improvement Friday, Russia's Federal Security Service, oregon FSB, announced the detention of members of the REvil ransomware gang, which was down past year’s Fourth of July play supply-chain onslaught targeting the Florida-based bundle steadfast Kaseya. The onslaught crippled much than 1,000 businesses and nationalist organizations globally.

The FSB claimed to person dismantled the gang, but REvil efficaciously disbanded successful July. Cybersecurity experts accidental its members mostly moved to different ransomware syndicates. They formed uncertainty Friday connected whether the arrests would importantly interaction Russian-speaking ransomware gangs, whose activities person lone moderately eased aft a drawstring of high-profile attacks connected captious U.S. infrastructure past twelvemonth including the Colonial Pipeline.

Ad

The FSB said it raided the homes of 14 radical members and seized implicit 426 cardinal rubles ($5.6 million), including successful cryptocurrency arsenic good arsenic computers, crypto wallets and 20 elite cars “bought with wealth obtained by transgression means.” All those detained person been charged with “illegal circulation of means of payment,” a transgression discourtesy punishable by up to six years successful prison. The suspects weren't named.

According to the FSB, the cognition was conducted astatine the petition of U.S. authorities, who reported the person of the radical to officials successful Moscow. It's the archetypal important nationalist enactment by Russian authorities since U.S. President Joe Biden warned Putin past twelvemonth that helium needed to ace down connected ransomware gangs successful his country.

Experts said it was excessively aboriginal to cognize if the arrests awesome a large Kremlin crackdown connected ransomware criminals — oregon if it whitethorn conscionable person been a piecemeal effort to appease the White House.

Ad

Bill Siegel, CEO of the ransomware effect steadfast Coveware, said he'll beryllium watching to spot what benignant of situation clip those arrested get. “The follow-through connected sentencing volition nonstop the strongest awesome 1 mode oregon different arsenic to IF determination has genuinely been a alteration successful however tolerant Russia volition beryllium successful the aboriginal to cyber criminals,” helium said via email.

Yelisey Boguslavskiy, probe manager astatine Advanced Intelligence, said that portion the arrests bash travel a signifier of Kremlin unit connected ransomware criminals — including successful immoderate cases prompting them to manus implicit decryption keys — those arrested could simply beryllium low-level affiliates, not the halfway radical that managed the data-scrambling malware. The REvil syndicate besides seemingly ripped disconnected immoderate affiliates truthful it had enemies successful the transgression underground, helium said.

REvil’s attacks crippled tens of thousands of computers worldwide and yielded astatine slightest $200 cardinal successful ransom payments, Attorney General Merrick Garland said successful November erstwhile announcing charges against 2 hackers affiliated with the gang.

Ad

Such attacks brought important attraction from instrumentality enforcement officials astir the world. The U.S. announced charges against 2 affiliates successful November, hours aft European instrumentality enforcement officials revealed the results of a lengthy, 17-nation operation. As portion of that operation, Europol said, a full of 7 hackers linked to REvil and different ransomware household person been arrested since February.

The AP reported past twelvemonth that U.S. officials, meanwhile, shared a tiny fig of names of suspected ransomware operators with Russian officials, who person said they were investigating.

Brett Callow, a ransomware expert with the cybersecurity steadfast Emsisoft, said that "whatever Russia's motivations whitethorn be, the arrests would "certainly nonstop shockwaves done the cybercrime community. The gang’s erstwhile affiliates and concern associates volition invariably beryllium acrophobic astir the implications.”

___

Ad

Frank Bajak reported from Boston, Litvinova reported from Moscow. Catherine Gaschka successful Brest, France, Alan Suderman successful Richmond, Virginia, and Eric Tucker successful Washington, contributed to this report.

Copyright 2022 The Associated Press. All rights reserved. This worldly whitethorn not beryllium published, broadcast, rewritten oregon redistributed without permission.