The websites of several ministries were hit, including the Foreign Ministry and the Ministry of Education and Science. A message posted on the Foreign Ministry’s home page in Ukrainian, Russian and Polish suggested users’ data had been compromised and uploaded online, though the hackers didn’t demonstrate evidence that any private information had been accessed.
“Be afraid and expect the worst,” the message read. The Ukrainian government’s computer-emergency response team said in an online alert that its preliminary analysis indicated no personal data had been leaked.
A group of Ukrainian government experts said Russia was likely behind the attack, given the timing and content of the message.
“The hacking of Ukrainian government bodies may be part of a psychological attack on Ukrainians,” experts from the Ministry of Culture and Information Policy said in a statement posted on their website.
The Russian embassy in Washington didn’t immediately respond to a request for comment. Russia has in the past denied accusations from Kyiv and its Western backers of launching cyberattacks in Ukraine.
The hack comes as Russia has gathered tens of thousands of troops around Ukraine and demanded the North Atlantic Treaty Organization give a binding guarantee never to grant the former Soviet republic membership. Moscow this week began moving tanks, infantry fighting vehicles, rocket launchers and other military equipment westward from their bases in its Far East, The Wall Street Journal reported.
The U.S. and its allies held talks with Russia this week to try to lower tensions, but they didn’t yield a breakthrough.
A spokeswoman for the White House National Security Council said that the U.S. and its partners were concerned about the attack and that President Biden had been briefed about it.
“We don’t have an attribution at this time,” the spokeswoman said. “While we continue to assess the impact with the Ukrainians, it seems limited so far with websites coming back online.”
U.S. officials have said privately for weeks that if Russia decides to invade Ukraine, cyberattacks against its neighbor are likely to be among the earliest signals of aggression. Officials have also been warning some U.S. companies, including the financial sector, that Russia could retaliate against them if the Biden administration seeks to punish Moscow for an invasion.
NATO has warned Russia against using disinformation and cyberattacks to destabilize Ukraine, which is seeking to integrate with the West.
NATO Secretary-General Jens Stoltenberg on Friday condemned the attack. He said the alliance has been helping Ukraine for several years to boost its cyber defenses and NATO specialists are working with their Ukrainian counterparts to address the attack.
Mr. Stoltenberg said NATO and Ukraine in coming days would sign an accord to further boost cyber cooperation, “including Ukrainian access to NATO’s malware information-sharing platform.”
Russia-backed separatists in east Ukraine have been fighting government forces for years.
Photo: ALEXANDER ERMOCHENKO/REUTERS
European Union foreign-policy chief Josep Borrell said ahead of a meeting of foreign ministers in France on Friday that the bloc would “mobilize all our resources to help Ukraine to tackle this cyberattack.” He said he didn’t have proof of who was responsible “but we can imagine.”
Moscow says Ukraine is part of its sphere of influence and has used military, economic and other measures to pull its neighbor closer. Russia seized Crimea in 2014 and carved out two self-declared separatist statelets that have been at war with the government in Kyiv ever since.
Ukraine’s security service said that it was investigating the attack, and that its effects had mostly been remedied. The Foreign Ministry’s website was still down as of midafternoon in Kyiv.
The message on the website, since removed, referred to Ukrainian insurgent fighters during World War II who are venerated by some in Ukraine for fighting the Nazis and the Soviets, lambasted as “fascists” by Russia and criticized for massacres of Poles.
Ukraine has been pummeled with cyberattacks linked to the Russian government in the past, including attacks in 2015 and 2016 that led to blackouts for hundreds of thousands of Ukrainians during winter.
In the U.S., cybersecurity experts and officials took note that the attacks coincided with Russia’s troop buildup and the conclusion of three rounds of talks in Europe on the Ukraine crisis, but said that alone wasn’t reason enough to conclude that Moscow was behind the assault.
John Hultquist, vice president of intelligence analysis at the U.S.-based cyber firm Mandiant, said that it was too soon to say who was responsible for the attack and that historically website defacements were typically “the realm of hacktivists and low-level hackers.”
Hackers whom U.S. and Western officials have linked to Russia’s military intelligence—a group Mr. Hultquist and other cybersecurity researchers refer to as Sandworm—have engaged in website defacements in the past. The U.S. and British governments blamed the group cyberattacks in 2019 against websites run by the nation of Georgia’s government, its courts and media organizations.
”This incident could be the work of government actors or government-sponsored actors or it could have been done by elements of civil society reacting independently,” said Mr. Hultquist, who has personally tracked Sandworm’s activities for seven years. “It’s important not to overestimate the capability necessary to carry out this attack.”
Write to James Marson at james.marson@wsj.com and Dustin Volz at dustin.volz@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
