Kiev, Ukraine. A number of Ukrainian government websites were temporarily unavailable as a result of the cyberattack on Friday, officials said.
While it was not immediately clear who was behind the cyberattack, the disruption came amid escalating tensions with Russia and after talks between Moscow and the West this week failed to produce any significant progress.
Ukrainian Foreign Ministry spokesman Oleg Nikolenko told The Associated Press that it was too early to talk about who could be behind the attack, “but in the past there is a long list of Russian cyberattacks against Ukraine.”
Earlier, Moscow denied involvement in cyber attacks on Ukraine.
According to Viktor Zhora, Deputy Chairman of the State Service for Special Communications and Information Protection, about 70 websites of both republican and regional authorities were attacked. At the same time, Zhora stressed that no critical infrastructure was damaged, and personal data did not leak.
According to Oleg Derevyanko, a leading private sector expert and founder of the cybersecurity firm ISSP, the hack was a simple distortion of government websites. The hackers infiltrated the content management system they all use, but “did not gain access to the websites themselves.”
“This could be a common information operation (attempt) to undermine the government’s capacity and create and increase uncertainty,” added Derevianko. It could also be “part of a planned hybrid attack or a longer and more complex cyber operation that is underway but not completed.”
The main question, according to Derevianko, is whether this is a stand-alone hacktivist action or part of a larger state-backed operation.
Tensions between Ukraine and Russia have risen sharply in recent months after Moscow has deployed some 100,000 troops near the Ukrainian border, raising fears of an invasion. Moscow says it is not planning an attack and rejects Washington’s demand to withdraw its troops, saying it has the right to deploy them where necessary.
The Kremlin has demanded security guarantees from the West so that NATO would deny membership to Ukraine and other former Soviet states and reduce the alliance’s military deployment in Central and Eastern Europe. Washington and its allies refused to make such promises, but said they were ready to negotiate.
This week’s high-stakes talks between Moscow and the US, followed by a Russia-NATO meeting and a meeting at the Organization for Security and Cooperation in Europe, have not resulted in any immediate progress.
NATO Secretary General Jens Stoltenberg said Friday that the 30-nation military organization will continue to provide Ukraine with “strong political and practical support” in light of the cyberattacks.
“In the coming days, NATO and Ukraine will sign an agreement to strengthen cyber cooperation, including Ukraine’s access to the NATO malware information exchange platform,” Stoltenberg said in a statement.
European Union Foreign Minister Josep Borrell said on Friday that the 27-country bloc is ready to mobilize all its resources to provide technical assistance to Ukraine and improve its ability to withstand cyber attacks.
When asked who might be behind the attack, Borrell said, “I can’t point to anyone because I have no proof, but I can imagine.”
Russia has a long history of conducting cyber operations against Ukraine, including hacking into its voting system ahead of the 2014 national elections and attacks on the country’s power grid in 2015 and 2016. a virus that has infected Ukrainian business and caused more than $ 10 billion in global damage.
Since then, Ukrainian cybersecurity experts have been strengthening the protection of critical infrastructure. Zhora told AP that officials are particularly worried about Russian attacks on the power system, railroad network and the central bank.
Experts recently said the threat of another such cyberattack is significant, as it would give Russian President Vladimir Putin the opportunity to destabilize Ukraine and other former Soviet countries seeking NATO membership without the need to bring in troops.
“If you’re trying to use it as a stage and deterrent to prevent people from moving forward with NATO or other things in mind, cyberspace is perfect,” said Tim Conway, cybersecurity instructor at the SANS Institute, to the Associated Press. interview last week.
Conway was in Ukraine last month conducting a mock cyberattack on the country’s energy sector. The United States has been investing in improving cyber defense in Ukraine for several years now through various agencies such as the Department of Energy and USAID.
The White House did not immediately respond to a request for comment.
On Friday, the Russian Federal Security Service, or FSB, announced the arrest of members of the REvil extortionist gang and the termination of its activities. REvil is a major ransomware syndicate that was behind last year’s Fourth of July ransomware attack that damaged more than 1,000 businesses and public organizations around the world.
The FSB said it searched the homes of 14 members of the group and seized more than 426 million rubles ($ 5.6 million), including in cryptocurrency, as well as computers, crypto wallets and 20 luxury cars “bought with money obtained from crime “. All detainees were charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison.
According to the FSB, the operation was carried out at the request of the US authorities, which reported the leader of the group to officials in Moscow.
This is the first public action by the Russian authorities since US President Joe Biden warned Putin last year that he needed to crack down on extortionist gangs in his country.
REvil’s attacks have compromised tens of thousands of computers around the world and fetched at least $200 million in ransom, Attorney General Merrick Garland said in November as he announced charges against two gang-linked hackers.
This summer, REvil went offline and its data breach site and ransom portals went offline following a string of high-profile ransomware attacks. He was behind the July 2 ransomware attack on the supply chain that damaged more than 1,000 organizations worldwide, targeting Florida-based software vendor Kaseya. And JBS, the world’s largest meat processor, said in June that it paid $ 11 million after the REvil hack.
Such attacks have attracted significant attention from law enforcement officials around the world. The US announced charges against the two subsidiaries in November, hours after European law enforcement officials released the results of a lengthy operation involving 17 countries. The operation has arrested a total of seven hackers linked to REvil and another ransomware family since February, Europol said.
The Associated Press reported last year that U.S. officials had meanwhile shared several names of suspected ransomware operators with Russian officials, who said they had launched an investigation. Kremlin spokesman Dmitry Peskov said late last year that the countries are engaged in a useful dialogue.
“This is a huge, huge deal,” Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future, said of the arrests announced by the FSB on Friday. “Until recently, this was a top-level group.”
Frank Bayak reported from Boston, Litvinova reported from Moscow. Catherine Gaska from Brest, France, Alan Suderman from Richmond, Virginia, and Eric Tucker from Washington contributed to this report.