'Unprecedented' cyberattack blamed on Russia was meant to sow chaos in Ukraine

KYIV -- Russia has intensified its hybrid warfare tactics against Ukraine with a cyberattack on the nation's military and its two largest state-owned banks, according to officials and experts.

The cyberattack started at about 3pm Tuesday (February 15), according to Ukrayinska Pravda, a Ukrainian news organisation.

The affected websites included those of the Oschadbank state savings bank and PrivatBank, as well as of the Defence Ministry and the armed forces.

Both banks resumed service later on Tuesday, but the military sites remained inaccessible hours after the initial reports emerged.

By Wednesday evening, the situation appeared to be under control.

The websites and banks were hit with a distributed denial-of-service (DDoS) attack, which involves hackers flooding the servers hosting a website until it becomes overloaded and is forced to shut down.

Tuesday's attack was the largest DDoS attack on government websites and the banking sector in Ukraine's history, according to Minister of Digital Transformation Mykhailo Fedorov.

"This attack is unprecedented," he said at a news briefing in Kyiv Wednesday, adding that it "bore traces of foreign intelligence services".

"It is clear that it was prepared in advance, and the key goal of this attack is to destabilise, to sow panic, to do everything to create a certain chaos in the actions of Ukrainians in our country," he said.

Bank clients complained about difficulties using automated teller machines, online banking and mobile phone applications, but the banks said the funds in users' accounts were not affected.

Tens of thousands of residents of Ukraine were unable to carry out payment transactions on the network or access their funds, causing great concern.

Roman Detsyk, a resident of Kyiv who works for a large telecommunications company, planned to make several payments through the PrivatBank mobile application, Privat-24, but the service "froze".

"Access to the Privat-24 application appeared only the next day, February 16, at about 1–2 pm," he said, adding that the ordeal made him feel "uneasy".

'Dirty tricks'

"We classify this DDoS attack as an information-psychological attack," Sergey Demediuk, deputy secretary of the National Security and Defence Council, told reporters Wednesday in Kyiv.

"Not destructive, not an attack that damaged the infrastructure, but solely one that was carried out with the aim of influencing the population: to point out the lack of access to electronic information resources provided by the state and financial institutions," he said.

The attack likely cost "millions of dollars" to execute, said Ilya Vityuk, director of the Ukrainian Intelligence Agency's Cyber Security Department, Wednesday.

"Such attacks are usually perpetrated by countries," he said during a news conference. "Such attacks need infrastructure."

"We know today that, unfortunately, the only country that is interested in such strikes on our country, especially against the background of mass panic over a possible military invasion is, unfortunately, the Russian Federation," he said, referring to the more than 100,000 Russian troops massing near Ukraine's border.

According to newly declassified US intelligence, "Russian government hackers have likely broadly penetrated Ukrainian military, energy and other critical computer networks", the Washington Post reported Tuesday.

Tuesday's attack was similar to an attack last month in which hackers temporarily brought down about 70 Ukrainian government websites, including that of the Foreign Ministry.

At the time, a message on the ministry's website warned Ukrainians: "Be afraid, and expect the worst."

Within hours of the breach, Ukraine's SBU security service said access to most affected sites had been restored and that the fallout was minimal.

Ukrainian officials blamed Russia for that attack as well.

The purpose of the attack, the Ukrainian Digital Transformation Ministry said in a statement January 16, "is not only to intimidate society. But to also destabilise ... Ukraine, halting the work of the public sector and crushing Ukrainians' trust in the authorities".

The Kremlin insists there is no evidence Russia was behind the cyberattacks.

But an analyst from one of Ukraine's main scientific institutions that counters cyberattacks explained how the hacker trail leads back to Russia.

"On the one hand, there are employees of security agencies, for example, Russian intelligence, the foreign intelligence service and the FSB [Federal Security Service], who do it as part of their job description," the analyst told Caravanserai on condition of anonymity.

"On the other hand, there are conditionally 'independent' hacking groups or even information security companies that the Kremlin hires or can encourage to work against other states."

Attacks such as the one on Tuesday, while mostly a nuisance, have direct negative consequences on Ukraine's economy, critical infrastructure, and Ukrainians' trust in the authorities and state institutions, said Oleksii Baranovskyi, president of the Kyiv chapter of the ISACA, an international association that works in the field of information system security.

"Considering what has already happened, it becomes scary what could happen next," he told Caravanserai.

These attacks are essentially the Kremlin's new weapon, on which Moscow spends colossal resources, he said.

Ukraine fights back

Russia-backed cyberattacks on Ukraine have happened before and they will happen again, analysts warn.

Some of the most drastic cyberattacks over the past decade have been attributed to Russian attacks on Ukraine, and then repeated elsewhere, according to US intelligence.

For example, a Russian military spyware strain first identified in a hack of Ukraine's Central Elections Commission in 2014 was found in the server of the Democratic [Party] National Committee in the United States in 2016, The New York Times reported.

Last October, the US government charged six GRU officers in absentia with carrying out cyberattacks on Ukraine's power grid, the 2017 French elections and the 2018 Winter Olympics. The GRU is Russia's military intelligence agency.

The six Russian agents were also accused of staging a 2017 malware attack called "NotPetya" that started in Ukraine and later infected computers of businesses worldwide, causing almost $1 billion in losses to three US companies alone.

In recent years, Ukraine has significantly strengthened its ability to counter cyberthreats, thanks in part to assistance from and co-operation with the United States and European Union (EU), Baranovskyi said.

NATO responded quickly after the January attack by announcing a cyberwarfare co-operation deal with Kyiv. The EU said it was mobilising "all its resources" to help Ukraine at the time.

Late last year, the United States and the United Kingdom sent cyberwarfare experts to help Ukraine prepare to defend itself from potential attacks from Russian state actors and private proxies committing cybercrimes on the Kremlin's behalf.

The US Civilian Research and Development Foundation (CRDF Global) and the US Agency for International Development (USAID) both are implementing US-funded projects designed "to support and improve the efficiency of cybersecurity in Ukraine", Baranovskyi noted.

Just last week, on February 11, officials from US intelligence and national security agencies met to discuss cyberthreats from Russia and the assistance the United States can provide to Ukraine to counter large-scale attacks.

With the latest attack, Russia is trying to create a sense of chaos in Ukraine, said Artem Bidenko, director of the Institute of Information Security, an NGO based in Kyiv.

"The main task of Russian cyberattacks is to spread panic among the population, as well as to undermine confidence in the government," he told Caravanserai.

"Russia will create wider and more aggressive tools capable of serious interventions," said Bidenko. "We definitely need to prepare for the worst scenarios: not only Ukraine, but the whole world."