Ukraine’s Ministry of Defense and Armed Services websites were down Tuesday as the result of an apparent cyberattack, in what some fear could be just the latest Russian effort to cause confusion and disruption in Ukraine as President Vladimir Putin weighs invading Ukraine.
Two banks, Privatbank and Oshadbank, are also under attack, Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, warned Tuesday, with some users reporting trouble making payments with their banking apps, according to Reuters.
Ukraine’s Ministry of Defense has assessed that the attacks on government websites are likely DDoS attacks, in which an attacker hits a website with an overwhelming number of requests so that the website malfunctions. Work is being done to restore the sites, the government said.
Russia's GRU, its main intelligence directorate, is responsible for the cyber-operations, according to the U.S. intelligence community's assessment, Anne Neuberger, Biden's Deputy National Security Advisor for Cyber and Emerging Technology, said this week. Further efforts to attribute the attacks are ongoing, Neuberger said.
The apparent cyber incursions come just as U.S. officials and military analysts warn a Russian invasion of Ukraine could happen this week. That attack, officials have warned, could be coupled with a cyberattack in Ukraine to cause confusion or disruption, or to prepare the battlefield.
If Russia is behind these cyberattacks, Putin might be aiming to shake the resolve of the Ukrainian people in advance of a ground invasion, Tim Kosiba, a former top National Security Agency official and the former deputy commander of NSA Georgia, told The Daily Beast.
“If you’re going to go after a bank—which a population is usually highly reliant on to conduct your personal business and a daily life—if he can go after that critical infrastructure in a country, then it’s going to affect the resolve of that populace to be able to sort of withstand whatever his next steps may be,” said Kosiba, who previously served as Technical Director for the Requirements and Targeting Office in the NSA’s Tailored Access Operations (TAO) unit.
“He might be wanting to sort of give a little bit of a black eye on the Ukrainian government, to say, they can’t protect their own people,” said Kosiba, now serving as the Chief Executive Officer at bracket f, Inc., a subsidiary of security firm [redacted].
The financial fallout of the disruptions Tuesday might be more widespread than is currently known, John Hultquist, Mandiant’s vice president of intelligence analysis, told The Daily Beast.
“There is some evidence suggesting that other financial systems, like point of sale terminals, may have experienced disruption as well,” Hultquist said.
But already, some of the information about the cyberattacks could point to misfires and false information aimed at sowing confusion.
Unidentified actors sent inaccurate SMS messages to Ukrainians saying that ATMs have been malfunctioning, Ukraine’s cyber police force warned today.
Attribution of any cyberattacks may be difficult at this time, which could further add to any confusion, said Hultquist.
“Though we've anticipated disruptive Russian attacks against Ukraine, we've seen no evidence of responsibility at this time, and denial of service attacks are notoriously difficult to attribute,” Hultquist told The Daily Beast.
Russian cyber actors have long caused disruption and destruction in Ukraine. In 2015, a notorious Russian military intelligence hacking group, known as Sandworm, hit Ukraine’s power grid, turning off the lights for hundreds of thousands of Ukrainians.
Analysts have been warning a similar cyber-operation could take place in concert with a ground invasion that could give Russian forces more power and leverage.
Russian hackers have already taken steps in recent weeks to try to destabilize Ukraine. Hackers unleashed destructive malware against Ukrainian government entities just last month, an act Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, has pinned on Russia.