Key Ukrainian government websites were down early Thursday local time, after a day in which Ukrainian agencies grappled with multiple cyberattacks and as concerns grew about Russian troop movements in Ukraine’s breakaway regions.
The website of the Cabinet of Ministers of Ukraine and those of the ministries of foreign affairs, infrastructure, education and others were experiencing outages.
In a separate and potentially more serious incident hours earlier, a data-wiping tool was found on hundreds of computers in Ukraine, according to cybersecurity researchers, raising concerns that a destructive cyberattack was unfolding amid the Russian military escalation.
“We are aware that multiple commercial and government organizations in Ukraine were affected by destructive malware today,” Charles Carmakal, senior vice president and chief technology officer at cybersecurity firm Mandiant, told GLM.
Website outages early Thursday in Ukraine followed Wednesday afternoon news of a cyberattack that temporarily took the websites of Ukraine’s parliament, Security Service and Cabinet of Ministers offline.
It was not immediately clear who was responsible for the destructive hacking incidents or website outages early Thursday morning. The Ukrainian government did not immediately respond to GLM’s request for comment.
But taken together, the incidents represented an apparent escalation in cyberattacks on Ukrainian infrastructure as the US and its allies warned of an impending Russian invasion and imposed sanctions on Russian banks and elites.
Ukraine’s State Service for Special Communications and Information Protection said Wednesday’s website cyberattacks were “a continuation” of cyberattacks that hit Ukrainian government websites on February 15. The White House blamed Russia’s military intelligence directorate, the GRU, for a separate set of cyberattacks on Ukrainian websites that occurred last week. The Russian embassy in Washington denied the accusation.
Of all the incidents, however, the data-wiping tool, known as “wiper” malware, had the potential to be the most shocking. This type of malware usually deletes data from computers and renders them inoperable.
The attack affected at least one Ukrainian financial institution and a Ukrainian government contractor with a presence in Latvia, Vikram Thakur, technical director of Broadcom’s cybersecurity unit Symantec, told GLM.
The malicious code affected “large organizations” in Ukraine, according to cybersecurity firm ESET, which has several clients in the country. The hacking tool appears to have been created two months ago, but “it was only deployed today and we have only seen it in Ukraine,” said Jean-Ian Boutin, head of threat research at ESET.
US officials have warned that Russia is likely to use cyber operations in conjunction with military actions in Ukraine.