Ukraine has suffered a massive cyberattack that has affected the Ukrainian foreign ministry, the cabinet of ministers and the security and defense council.
A Ukrainian, Russian and Polish message appeared on the official website of the Ukrainian Foreign Ministry warning, "be afraid and expect the worst." The message also said, "All of your personal data was uploaded to the public networks. All data on the computer is destroyed, it is impossible to restore it." Websites were inaccessible on Friday morning and prompted Kyiv to open an investigation.
Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, explains that the attack targeted 15 websites in the Ukraine that used the October content management system and resulted in websites being defaced, including the Ministry of Foreign Affairs, Cabinet of Ministers, Treasury, and others.
According to Reuters, Ukraine's foreign ministry spokesperson said, "It's too early to draw conclusions, but there is a long record of Russian (cyber) assaults against Ukraine in the past." The attack follows the rising tensions in Europe, and after the U.S. warned that the threat of a Russian military invasion of Ukraine was high.
Morgan explains, "Attribution for the attack has not been confirmed; however, initial indicators likely point to the work of Russian or affiliated actors, operating in reaction to current events. The attack has coincided with significant tensions between Russia and Ukraine, with Russia conducting a build-up of more than 100,000 of its forces along the Ukrainian border and conducting several military exercises. Recent talks between the West and Russia in defusing the crisis also appear to have reached an impasse; this week, a top Russian negotiator said diplomacy had reached a "dead end." There are credible fears of a Russian invasion into Ukraine once again, with Russia reportedly compelled to react to Ukraine's attempts to move towards NATO membership, which would result in deepening military and economic ties with the West."
Specific details on the attacks are unclear and are likely to emerge in the coming weeks, Morgan says. "The cyberattack against Ukraine does fit a consistent model frequently employed by Russian actors, who have historically conducted hybrid warfare tactics involving coinciding cyber-attacks ahead of movements for its military forces. However, given the unsophisticated nature of the attacks, it is possibly the work of third-party Russian hacktivist or cybercriminal actors, who are either encouraged by or otherwise working independently of the Russian state."