KYIV, Ukraine – A senior Ukrainian cybersecurity official said on Wednesday that a cyberattack against the websites of the Ukrainian Ministry of Defense and the army, as well as the interfaces of the country’s two largest banks on Tuesday, was the largest such attack in the country’s history and “carried traces of foreign intelligence services”.
Ukraine’s Digital Transformation Minister Mykhailo Fedorov said “attack vectors were organized from different countries.”
“It is clear that it was prepared in advance, and the main objective of this attack is to destabilize, to create panic, to do everything to create some chaos in the actions of Ukrainians in our country,” he said at a press conference in Kyiv.
The announcement came as Russian forces gathered on Ukraine’s northern, eastern and southern borders, a force President Biden estimated on Tuesday at around 150,000 troops.
But officials also fear that Russia may seek to destabilize the country through other means, including cyber warfare.
Websites and banks targeted on Tuesday night were hit by a distributed denial of service, or DDoS, attack in which hackers flood servers hosting a website until it becomes overloaded and shuts down.
While a full investigation is underway, all signs pointed to Russia, said Ilya Vityuk, head of the Ukrainian Intelligence Agency’s cybersecurity department.
“We know today that, unfortunately, the only country interested in such strikes against our country, especially in the context of mass panic over a possible military invasion, is unfortunately the Russian Federation,” he said at the press conference.
He added that the attack likely cost “millions of dollars” to execute, well beyond the capabilities of individual hackers or groups.
“Such attacks are usually perpetrated by countries,” he said. “Such attacks need infrastructure.”
Moscow has denied any responsibility for the DDoS attack. “We don’t know, but we are not surprised that Ukraine continues to blame Russia for everything,” Kremlin spokesman Dmitry S. Peskov told reporters. “Russia has nothing to do with DDoS attacks.”
Mr Vityuk said the attack bore similarities to an attack in mid-January in which hackers destroyed dozens of Ukrainian government websites, including the Ukrainian Ministry of Foreign Affairs.
At the time, a message from the Ministry of Foreign Affairs warned: “Ukrainians! All your personal data has been uploaded to the Internet. All computer data is destroyed. All information about you has become public. Be afraid and expect the worst.”
On Tuesday, customers of state-owned banks PrivatBank and Oschadbank began complaining about difficulties using ATMs and mobile phone apps. Banks confirmed the attack, but said funds in users’ accounts were not affected, although users said they were temporarily unable to withdraw money or use their credit cards. Some bank customers were worried because their bank balances appeared to be depleted. By Tuesday evening, most services had been restored.
Pavlo Kukhta, an adviser to Ukraine’s energy minister, said in an interview that hackers may be preparing for a larger attack, which could target the country’s “vulnerable” power grid.
“The goal is quite simple: to create panic, to show what they are capable of, to test the systems and see if they are vulnerable,” he said. “They snoop around and look for weaknesses.”
The DDoS attack, which began at 3 p.m. Kyiv time on Tuesday, had been going on for more than 24 hours on Wednesday evening, Ukraine’s Defense Ministry said. Ukrainian cybersecurity officials “succeeded in significantly reducing the level of harmful traffic,” said Victor Zhora of the Center for Strategic Communications and Information Security, a government agency set up to counter Russian disinformation.
Ukraine’s intelligence agency, the SBU, said on Wednesday it neutralized “more than 2,200 cyberattacks against state authorities and critical infrastructure in Ukraine” last year.
According to US government assessments, some of the most drastic cyberattacks of the past decade have been attributed to Russian actions in Ukraine – and then replicated elsewhere.
For example, a strain of Russian military spyware first identified in a hack against Ukraine’s Central Election Commission in 2014 was discovered on the Democratic National Committee’s server in the United States in 2016. The following year, attacks called NotPetya started in Ukraine and then spread worldwide, causing damage of approximately $1 billion.