Attack on government websites: a new section of cyberwarfare against Ukraine

While cybersecurity experts are investigating the technical side of the hacker attack on state institutions of Ukraine, which occurred on the night of January 13-14, the Center for Strategic Communications and Information Security investigated the information side.

This is not the first time or even the second time that Ukrainian internet resources have been attacked since the beginning of the Russian military aggression. Some cyberattacks were so massive that they were included in the world’s textbooks for cyber specialists.

The purpose of such attacks is to destabilize the internal situation in the country, as well as sow chaos and despondency in society.

The Center recorded the last massive attack after the Ukrainian Armed Forces used strike UAVs in the JFO zone in the Donbas (we wrote about this in the article “Russia’s Fake Revenge for Bayraktar”) – at that time, the pages of Ukrainian media and civil society organizations were “hacked”.

However, there has not been such a massive attack on government agencies for a long time. We assume that the current one is connected with Russia’s recent defeat in negotiations on Ukraine’s future cooperation with NATO. Moscow has recently resumed military exercises near the borders of Ukraine, and hacking actions against Ukrainian government agencies may also be part of this psychological attack on Ukrainians.

The timeline of the news distribution also points to a Russian trace. The information first appeared on social networks; the first media outlets to publish it were disinformation channels; and then it was actively shared by Russian publications:

  • 04:04 — “‘Fear’: hackers cracked the website of the Ministry of Education of Ukraine”;
  • 04:14 — “‘Fear’: threats to residents appeared on the website of the Ukrainian Ministry”;
  • 05:00 — “Hackers cracked the website of the Ministry of Education of Ukraine”;
  • 05:03 — “‘Expect the worst’: hackers cracked the websites of Ukrainian ministries and placed threats there”.

And in the morning, the Ukrainian media picked up the news.

The hackers’ references to Volyn, the OUN-UPA, Halychyna, Polissia, and “other historical lands” were meant to cover up the “Russian trace.” Obviously, this was done deliberately to blame the hacker attack on Poland: Russia and its proxies have long been working to put the two friendly neighboring countries at odds. After all, the past of Polish-Ukrainian relations is a sensitive topic, and contradictions in how some events are interpreted in Poland and Ukraine create certain problems for modern cooperation between the two states in a number of areas.

This is the factor the Russian special services are trying to exploit: they expect to escalate the contradictions as much as possible, blocking Ukrainian-Polish cooperation and triggering the international isolation of Ukraine.

Ukrainian investigators (such as InformNapalm) found evidence of the involvement of Russian special services in building up anti-Ukrainian sentiment in Poland back in 2017. Russians use extreme nationalists to their advantage or act under their guise: monuments and graves are vandalized; provocative inscriptions are made in Ukrainian or Polish. Now, it appears that this motive was put into action by Russian hackers.

Moreover, although the Polish text is written without errors, it is also clear that it was not written by a native speaker. This was confirmed to the Center for Strategic Communications by our Polish colleagues.

What conclusions can already be drawn while the cyber police, the SBU, and other authorized bodies are working to restore the operation of internet resources? Despite this attack, it is important to understand that:

  • Russia devotes considerable resources to cyber warfare; it has even successfully attacked the United States and hacked politicians’ mailboxes. Therefore, no one can guarantee 100% protection of information that is connected to the network;
  • this cyberattack can be considered an attack on Ukraine, since the portals of state bodies were affected. This means that Russia must bear responsibility, and sanctions for the attack are just around the corner;
  • the purpose of the cyberattack is psychological pressure and intimidation — this is evidenced at least by the headlines of the publications “Fear…”, “Expect the worst….” But Ukrainians have long shown that they do not scare easily. Therefore, do not panic, but remain calm;
  • contrary to the hackers’ claim, the personal data of Ukrainians was not affected.
