Major Ukrainian government websites were down Thursday morning local time, after a day in which Ukrainian agencies faced multiple cyberattacks and as concerns mounted over Russian troop movements in breakaway regions of Ukraine.
The websites of the Cabinet of Ministers of Ukraine and those of the Ministries of Foreign Affairs, Infrastructure, Education and others were experiencing disruptions.
In a separate and potentially more serious hacking incident hours earlier, a data-erasing tool was found on hundreds of computers in Ukraine, cybersecurity researchers say, raising fears that a destructive cyberattack is on the way. takes place amid Russia’s military escalation.
Taken together, these incidents represented an apparent escalation in cyberattacks on Ukrainian infrastructure as the United States and its allies warned of an imminent Russian invasion of Ukraine and imposed sanctions on Russian banks and elites. In televised remarks, Russian President Vladimir Putin on Thursday morning announced military action in Ukraine’s Donbass region, urging Ukrainian forces to lay down their arms and return home.
“We are aware that several commercial and government organizations in Ukraine are impacted by the destructive malware today,” Charles Carmakal, senior vice president and chief technology officer at cybersecurity firm Mandiant, told CNN.
The hacking incidents came as United Nations Secretary-General António Guterres made an eleventh-hour appeal to Russia to end military action.
“If indeed an operation is in preparation, I have only one thing to say from the bottom of my heart: President Putin, prevent your troops from attacking Ukraine”, declared António Guterres during an emergency meeting of the UN Security Council on Wednesday evening in New York. . “Give peace a chance. Too many people are already dead.
US officials have warned that Russia will most likely use cyber operations in conjunction with military action in Ukraine. President Joe Biden said last month that the United States could respond with its own cyber operations if Russia carries out further cyberattacks in Ukraine.
The early Thursday website disruptions in Ukraine followed news on Wednesday afternoon of a cyberattack that temporarily took the websites of Ukraine’s parliament, security service and cabinet of ministers offline.
It was not immediately clear who was responsible for the destructive hacking incident or the website disruptions early Thursday morning. The Ukrainian government did not immediately respond to CNN’s request for comment.
Ukraine’s State Service of Special Communications and Information Protection said cyberattacks on websites reported earlier on Wednesday were “a continuation” of cyberattacks that hit Ukrainian government websites on Wednesday. February 15. The White House blamed Russia’s military intelligence agency, the GRU, for the hacks. , which are known as Distributed Denial of Service (DDoS) attacks because they overwhelm computer servers with bogus traffic and take websites offline. The Russian embassy in Washington has denied this accusation.
Of all the cyber incidents, however, the destructive data-wiping tool – known as the malware “wiper” – had the potential to be the most impactful. Wiper malware usually deletes data from computers and renders them unusable. This has the potential to hamper organizations trying to stay online in a conflict.
The hack affected at least one Ukrainian financial institution and two Ukrainian government contractors, one operating in Latvia and the other in Lithuania, Vikram Thakur, technical director of Broadcom’s Symantec cybersecurity unit, told CNN. .
The malicious code has affected “large organizations” in Ukraine, according to cybersecurity firm ESET, which has several customers in the country. The hacking tool seems to have been created two months ago, but “has only been deployed today and we have only seen it in Ukraine”, said Jean-Ian Boutin, head of the threat research at ESET.
In the event of a larger conflict between Russia and Ukraine, U.S. officials fear that transportation networks and broadcast media in Ukraine could be shut down by kinetic attacks or cyberattacks, a senior U.S. official said on Tuesday. Department of Homeland Security to state and local authorities.
The current focus of Ukrainian government agencies and key companies is resilience against waves of hacking. Some agencies were able to come back online relatively quickly after last week’s DDoS attacks. The United States and many allied governments, as well as private sector experts, are providing cybersecurity support to Ukraine on the ground and remotely.
“With a top cyberpower like Russia, you’re not going to 100% prevent them, so the goal is resilience,” Sen. Mark Warner, the Virginia Democrat who chairs the Senate Committee on information.
When asked if the United States should conduct its own hacking operations in response to Russian activity in Ukraine, Warner said the United States generally avoids “opening Pandora’s box in terms of cyber escalation. “.
“So far this has been the right approach,” Warner added. “But we have never seen these kinds of circumstances where Putin is ready to release 190,000 troops” and threaten Kiev, he added. “We don’t know what it will do in cyberspace.”
This headline and story have been updated with additional reports.