The Ukrainian Defense Ministry and several state-backed banks were hit with cyberattacks or disruptions on Tuesday. The Defense Ministry website is down and they confirmed that they were attacked, telling the public that it will be communicating through Twitter and Facebook.
“The MOU website was probably attacked by DDoS. An excessive number of requests per second were recorded. Technical works on restoration of regular functioning are being carried out,” the Defense Ministry said on Tuesday afternoon.
The confirmation came as residents of Ukraine reported issues with some ATMs and banking services at State Savings Bank, PrivatBank and Oschadbank.
NetBlocks, an organization tracking internet outages around the world, confirmed the loss of service to multiple banking and online platforms in Ukraine “in a manner consistent with a denial of service attack.”
“Metrics indicate impact beginning from early Tuesday intensifying in severity over the course of the day. Work is ongoing to assess the incident, which is ongoing at the time of writing,” the organization said.
Their data showed that service returned after about an hour or two of issues.
The Ukrainian Strategic Communications Center and Information Security also confirmed the attacks on the country’s banks in a statement, telling the public that they too believed it was a DDoS attack.
“For the last few hours, Ukraine’s largest state-owned bank, Privatbank, has been under a massive DDoS attack. Users of the bank’s internet banking service Privat24 report problems with payments and the application in general,” they said, adding that customers of Oschadbank were also reporting serious issues because its internet services were down.
PrivatBank told the Strategic Communications Center and Information Security that no user funds have been stolen during the incident.
None of the government agencies attributed the attack, but it came as Russia announced a partial troop withdrawal from areas near Ukraine’s border. Russian President Vladimir Putin also said on Tuesday that he was interested in security discussions with the United States and NATO.
Russia has faced international backlash for troop buildups near Ukraine’s border but has denied it plans to attack the country. US officials — who will not share their intelligence with the press — have repeatedly said a Russian attack is imminent. The US began evacuating almost all of the staff from its embassy in Kyiv this week and Jake Sullivan, President Joe Biden’s national security adviser, urged all Americans in the country to leave as soon as possible.
Christian Sorensen, former lead of the international cyber warfare team at US CYBERCOM, said the attacks are designed to ratchet up attention and pressure.
“It doesn’t sound like much impact yet. In the coming hours/days, I would anticipate more activities to isolate and disrupt Ukrainian citizens and especially government activities,” said Sorensen, who is now CEO of cybersecurity firm SightGain.
“The purpose at this stage is to increase leverage in negotiations. Next stage will be impactful and continue deterrence for other countries to get involved.”
Biden responded forcefully to reports of a wide-ranging cyberattack on Ukrainian government systems in January, telling reporters that the US would respond with its own cyberattacks if Russia continues to target Ukraine’s digital infrastructure.
Biden’s comments came after Ukrainian officials told journalist Kim Zetter that dozens of systems within at least two government agencies were wiped during a cyberattack in January. Microsoft released a detailed blog about the wiping malware, named “WhisperGate,” and said it was first discovered on January 13.
The wipers were launched days after more than 70 Ukrainian government websites were defaced by groups allegedly associated with Russian secret services.
Both the National Cyber Security Centre (NCSC) in the UK and Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about the potential for cyberattacks against both Ukraine and its allies.