Tuesday’s disruption of multiple Ukrainian government websites and web services for several state-owned banks — along with spam text messages falsely claiming ATMs didn’t work — were part of a coordinated operation designed to sow panic, Ukrainian government officials claimed Wednesday.
The officials said it was “too early to talk about specific actors” associated with the distributed denial-of-service (DDoS) attacks, but that the targeting of multiple websites, along with the text messages, suggested an extensive effort beyond the range of an individual or even a group of hackers. The remarks, from some of Ukraine’s cybersecurity and law enforcement leaders, came at a joint briefing Wednesday that the government translated into English on Twitter.
The cyber incidents came as the threat of Russian military assault on Ukraine looms large, even as the Russians and NATO governments continue talks in search of a diplomatic resolution. President Joe Biden said Tuesday that 150,000 Russian troops remain in a “threatening position” around Ukraine, and that military escalation “remains distinctly possible.”
A spokesperson for the U.S. National Security Council told CyberScoop that the White House was aware of the DDoS situation and had “reached out to Ukrainian counterparts to offer support in the investigation and response to these incidents.”
DDoS incidents are relatively unsophisticated when compared with other forms of cyberattacks. Targeted systems are flooded with phony internet traffic that can make them inaccessible to normal users.
The hosting provider for the domains that were targeted reported Wednesday that the traffic came from foreign and Ukrainian IP addresses, and that at its peak, it exceeded 150 Gbps. That would suggest a large attack, but far from the largest DDoS attacks ever seen.
DDoS attacks typically do not affect any underlying data or systems, although Victor Zhora, the deputy chairman of Ukraine’s State Service of Special Communications and Information Protection, said DDoS traffic can be used to hide more destructive actions. In this case, however, Ukrainian officials so far see no signs of data leakage or distortion, he said.
Ukraine is “facing completely unprecedented attacks,” he added, but added that he is “convinced that Ukraine will withstand this cyber aggression.”
Some of the government sites were taken offline proactively to limit the spread of attacks and prevent possible damage, Zhora said. The site for the Ministry of Defense, for instance, was disconnected from the external networks, but the site was not damaged, he said.
The U.S. government believes Russian hackers have penetrated Ukrainian military, energy and other critical computer networks with the ability to disrupt systems should the Russian government choose to attack Ukraine, the Washington Post reported Tuesday. Zhora said he could not confirm that Russian hackers had broken into Ukraine’s critical infrastructure networks.
Ilya Vityuk, the head of the cyber department of Ukraine’s security services, said officials see “a trace of foreign intelligence services,” and that Tuesday’s events had similarities to a Jan. 14 operation during which hackers defaced dozens of Ukrainian government websites and deployed fake ransomware on some government systems that wiped computers.
Some in Ukraine pointed the finger at the Russian government, but cybersecurity experts and others stopped short of formal attribution. Vityuk said during Wednesday’s briefing that the only suspect at this point was Russia, but said it wasn’t a formal attribution, Sky News reported. The Russian government denied any involvement.
Biden said Tuesday that if “Russia attacks the United States or our allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we’re prepared to respond.”