Ukraine's Defense Ministry, state banks hit by cyberattack

The websites of the Ukrainian army, the Defense Ministry and major banks were knocked offline by a series of cyberattacks on Tuesday as tensions escalate over the threat of a possible Russian invasion, according to the Ukrainian authorities.

Still, there was no indication the relatively low-level, distributed-denial-of-service (DDoS) attacks might be a smokescreen for more serious and damaging cyber mischief.

At least 10 Ukrainian websites were unreachable due to the attacks, including the defense, foreign and culture ministries and Ukraine's two largest state banks. In such attacks, websites are barraged with a flood of junk data packets, rendering them unreachable.

"We don't have any information of other disruptive actions that (could) be hidden by this DDoS attack," said Victor Zhora, a top Ukrainian cyber defense official. He said emergency response teams were working to cut off the attackers and recover services.

The Defense Ministry site showed an error message saying the site was "undergoing technical maintenance."

The affected sites include the Oschadbank state savings bank and Privat24 – two of the country's largest financial institutions. Customers at Privatbank and the state-owned Sberbank reported problems with online payments and the banks' apps.

Among the attackers' targets was the hosting provider for Ukraine's army and Privatbank, said Doug Madory, director of internet analysis at the network management firm Kentik Inc.

"There is no threat to depositors' funds," Zhora's agency, the Ukrainian Information Ministry's Center for Strategic Communications and Information Security, said in a statement. Nor did the attack affect the communications of Ukraine's military forces, Zhora said.

It was too early to say who was behind the attack, he added.

The ministry statement suggested Russian involvement: "It is possible that the aggressor resorted to tactics of petty mischief because his aggressive plans aren't working overall," the Ukrainian statement said.

Quick attribution in cyberattacks is typically difficult, as aggressors often try to hide their tracks.

"We need to analyze logs from IT providers," Zhora said.

Oleh Derevianko, a leading private-sector expert and founder of the ISSP cybersecurity firm, said Ukrainians are always worried that such "noisy" cyberattacks could be masking something more sinister.

Poland raises alert against cyberattacks

Poland also alerted its security services and public administration to threats in cyberspace, the Government Centre for Security said on Tuesday, just hours after Ukraine reported its Defense Ministry and two banks had been hacked.

In a tweet late on Tuesday, the Government Security Centre said that the ALFA-CRP alert level, the lowest on a four-level scale, will be introduced across the country from 11:59 p.m. CET (10:59 a.m. GMT) on Feb. 15 until 11:59 p.m. CET on Feb. 28.

"The ALFA-CRP alert is a signal for security services and the whole public administration to be particularly vigilant. This means that the administration is obliged to conduct increased monitoring of the state of security of (information and communication technologies) ICT systems," the Government Security Centre said in a tweet.

The cyberattacks come amid tensions in Ukraine, which is feared to be on the brink of a possible invasion by Russian forces.

Escalating fears about a Russian invasion of Ukraine eased slightly as Russia sent signals Tuesday that it might be pulling back from the brink, but Western powers demanded proof.

A buildup of some 100,000 Russian troops around the ex-Soviet country spurred European leaders and Washington to warn of sweeping economic penalties if Russia escalates an ongoing separatist conflict in Ukraine by sending in troops.

Tensions have been exacerbated by Russian military drills, including near Ukraine and in Belarus, where the United States says some 30,000 troops are participating in exercises scheduled to run until Feb. 20.

Cyber aggression is nevertheless typical of Russian President Vladimir Putin, who likes to try to keep his adversaries off balance.

"These attacks are ratcheting up attention and pressure," said Christian Sorensen, the CEO of the cybersecurity firm SightGain who previously worked for United States Cyber Command. "The purpose at this stage is to increase leverage in negotiations."

Ukraine has been subject to a steady diet of Russian aggression in cyberspace since 2014, when Russia annexed the Crimean Peninsula and backed separatists in eastern Ukraine.

On Jan. 14, a cyberattack damaged servers at Ukraine's State Emergency Service and at the Motor Transport Insurance Bureau with a malicious "wiper" cloaked as ransomware. The damage proved minimal – some cybersecurity experts think that was by design, given the capabilities of Russian state-backed hackers. A message posted simultaneously on dozens of defaced Ukrainian government websites said: "Be afraid and expect the worst."

Serhii Demediuk, the No. 2 official at Ukraine's National Security and Defense Council, called the Jan. 14 attack "part of a full-scale Russian operation directed at destabilizing the situation in Ukraine, aimed at exploding our Euro-Atlantic integration and seizing power."

Such attacks are apt to continue as Putin tries to "degrade" and "delegitimize" trust in Ukrainian institutions, the cybersecurity firm CrowdStrike said in a subsequent blog post.

In the winters of 2015 and 2016, attacks on Ukraine's power grid attributed to Russia's GRU military intelligence agency temporarily knocked out power.

Russia's GRU has also been blamed for perhaps the most devastating cyberattack ever. Targeting companies doing business in Ukraine in 2017, the NotPetya virus caused over $10 billion in damage worldwide. The virus, also disguised as ransomware, was a "wiper" virus that scrubbed entire networks.