Ukraine Says It Suffered Worst DDoS Attack in Standoff

(Bloomberg) — A cyberattack aimed at paralyzing banks and government websites was the worst of its kind in Ukrainian history, officials in Kyiv said, as the standoff with Russia continues to draw warnings of a potential invasion.  

The DDoS, or distributed denial-of-service, attack began Tuesday and continued into Wednesday with the goal of causing mass confusion, Mykhailo Fedorov, Ukraine’s minister of digital transformation, said during an online briefing. 

“This attack was unprecedented, it was prepared well in advance, and its key goal was destabilization, sowing panic and creating chaos in our country,” he said. 

The Defense Ministry’s website and Dia, a government service that lets people access digital versions of their passports and Covid vaccination certificates, were among the targets. Cash machine networks and mobile banking services of top lenders Oshchadbank and Privatbank also came under pressure.

The size and resources involved suggest “a country” was behind the attack, according to Viktor Zhora, the deputy head of the State Service of Special Communication and Information Protection. 

He didn’t name the country, citing an ongoing investigation. In the past, Ukraine’s Security Service has said hacking groups linked to Russian intelligence services may have been responsible for similar attacks, allegations Moscow has denied.

Kyiv’s western allies say Russia has massed as many as 150,000 troops on its neighbor’s borders in a possible precursor to an attack and are voicing reservations about announcements from the Kremlin that it is withdrawing some forces. Russia, which annexed Crimea from Ukraine in 2014 and supports separatists in Ukraine’s eastern Donbas region, says it has no plans to invade.

The attack was “purely psychological,” as it sought to prevent people from accessing services and didn’t appear to steal any money or information, Deputy Secretary of the National Security Council Serhii Demedyuk said.  

While Ukrainians are increasingly reliant on using mobile banking and digitalized government services, they are also accustomed to interruptions from hackers. 

In 2015, a cyberattack cut electricity to 200,000 customers, while another a year later temporarily knocked out a power station in northern Kyiv. Those attacks were carried out with involvement from Russia’s GRU intelligence agency, according to charges the U.S. Department of Justice unsealed in 2020. 

This year, hackers defaced Ukrainian government websites in January, broadcasting a message that falsely claimed to have stolen private data from citizens. 

Russia “had nothing to do” with this week’s cyberattack in Ukraine, Kremlin spokesman Dmitry Peskov said. He described as “inaccurate” assertions from NATO that a pullback of Russian troops from near Ukraine’s border is not taking place. 

Digital Harassment

DDoS attacks are a common method of digital harassment, a technique that attackers have used to overwhelm targets with web traffic for a generation. By directing a network of hacked computers to visit a single site, for instance, cyber actors use DDoS attacks to send political messages, or to intimidate a specific organization. DDoS stands for distributed denial of service.

In 2008, for instance, the hacktivist group Anonymous took credit for a DDoS attack that temporarily knocked offline the websites for the Church of Scientology. An attack in 2016 against the internet infrastructure provider Dyn Inc. resulted in cascading outages at internet giants Twitter Inc., Spotify AG and the New York Times. 

The typical goal of a DDoS attack is to take a website offline or to disrupt service. Hackers will sometimes DDoS a target and demand a ransom to stop the attack.

Security firms have become increasingly adept at fending off such incidents in the years since, though observers have warned that attackers have sought new methods of creating disruptions. 

Doug Madory, the director of internet analysis at Kentik Inc., said that the DDoS incident in Ukraine wasn’t particularly special.

“DDoS attacks happen every day,” Madory said. “Maybe the only thing interesting about yesterday’s attacks was the context that they occurred in.” Madory said Kentik observed the DDoS attacks and saw Privatbank activating DDoS protection from a Ukrainian security vendor.

“If the Ukraine-Russia conflict just consists of DDoS attacks against banks and the website of the UA army, that’s probably the best-case scenario as compared to armed conflict,” Madory said.

(Updates with additional background on DDoS attacks beginning in 13th paragraph. A previous version of this story incorrectly described it as the worst cyberattack in Ukrainian history.)

©2022 Bloomberg L.P.
