Ukraine’s Ministry of Defense and Armed Forces websites and online services of two state-owned banks were disrupted by suspected cyberattacks on Tuesday, government and bank officials have said.
The country’s defense ministry said in an English-language Facebook post that its web portal suffered a likely distributed denial of service attack, in which hackers flooded the website with traffic to overload its systems and take it offline.
“Scheduled technical work is currently under way on the restoration of the regular functioning of the web portal of the Ministry of Defense of Ukraine,” the ministry said, adding it would share updates through social media.
DDoS incidents also disrupted web services of the Armed Forces of Ukraine and PrivatBank and Oschadbank, the country’s largest lenders, according to the State Service of Special Communication and Information Protection of Ukraine. It said in a statement that a working group of Ukrainian cyber experts “is taking all necessary measures to resist and localize the cyberattack.”
Security experts have warned in recent weeks of cyberattacks targeting Ukrainian infrastructure as Russian troops mass on the country’s border in what Western officials fear is a prelude to an invasion. U.S. and European officials also fear that the effects of more destructive hacking campaigns, such as attacks aimed at disabling computer networks or corrupting sensitive data, could ripple across borders.
Kostiantyn Korsun, co-founder of the Ukrainian cyber firm Berezha Security Group.
Photo: Serhii Anishchenko/Zuma Press
Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection of Ukraine, said it is too early to attribute Tuesday’s incidents to a particular hacker or group. He also said “the attack continues.”
The incident at PrivatBank spanned several hours, leaving services including automated teller machines down for an hour, a spokesman said. While the bank restored its services, it still faces “instability” on its Privat24 mobile app and is working to secure its operations, the spokesman said.
Representatives for Oschadbank, the other lender mentioned by Ukrainian officials, didn’t immediately respond to a request for comment.
The White House is aware of the reports and has “reached out to Ukrainian counterparts to offer support in the investigation and response to these incidents,” a National Security Council spokeswoman said. She declined to comment further.
It is possible such attacks could be carried out by Russian-linked hackers or opportunistic cybercriminals, said Kostiantyn Korsun, co-founder of the Ukrainian cyber firm Berezha Security Group. In the past, he said, suspected Kremlin-linked cyberattacks have attempted to sow confusion as part of hybrid warfare against Ukrainians in the eastern part of the country.
Last month, hackers defaced the websites of dozens of Ukrainian government agencies, while at least two agencies also discovered a potentially more destructive “wiper” malware intended to render computer systems inoperable. The Kremlin denied involvement in the incidents.
A disruption of government services can be “very effective because it’s visible for millions of people at the same moment,” Mr. Korsun said.
Officials in the U.S., U.K., Canada and elsewhere in recent weeks have warned that cyberattacks linked to a Russian invasion of Ukraine could spread across international computer networks and disrupt infrastructure.
Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a “Shields Up” alert urging companies to update their systems, impose multifactor authentication and more aggressively monitor for unusual activity. Some U.S. companies have been taking such actions even if they don’t do business in Ukraine.
“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” CISA said.
U.S. and European companies should observe and learn from Tuesday’s attacks and assume they are state-backed, said Christian Sorenson, a former cyberwarfare officer at U.S. Cyber Command who now runs security company SightGain Inc.
“Look at the techniques that they are using, test those techniques against your infrastructure and make sure that you’re blocking, detecting and responding to them, before they’re used against you,” he said.
Some U.S. banks have been running through contingency plans to prepare for Russia-linked incidents, said Tim Eades, chief executive of vArmour, a cybersecurity company advising companies that include financial services firms.
The financial sector must comply with tighter security standards than other sectors but “there’s obviously weaknesses in all things in life,” Mr. Eades said.
—James Rundle, Catherine Stupp and Nicolle Liu contributed to this article.
Write to David Uberti at david.uberti@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
