Tuesday January 18th, 2022 6:01AM

Cyberattack in Ukraine targets government websites

By The Associated Press

KYIV, Ukraine (AP) — A cyberattack left a number of Ukrainian government websites temporarily unavailable Friday, officials said.

While it wasn't immediately clear who was responsible, the disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.

Ukrainian Foreign Ministry spokesman Oleg Nikolenko told The Associated Press it was too soon to say who was behind it, “but there is a long record of Russian cyber assaults against Ukraine in the past.”

Moscow had previously denied involvement in cyberattacks against Ukraine.

About 70 websites of both national and regional government bodies were targeted in the attack but no critical infrastructure was affected and no personal data accessed, according to Victor Zhora, deputy chair of the State Service of Special Communication and Information Protection.

The hack amounted to a simple defacement of government websites, said Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm. The hackers got into a content management system they all use, but “didn’t get access to the websites themselves.”

The main question, said Derevianko, is whether this is a standalone hacktivist action — “patriotic” Russian freelancers — or part of a larger state-backed operation.

A message posted by the hackers in Russian, Ukrainian and Polish claimed Ukrainians’ personal data was placed online and destroyed. It told Ukrainians to “be afraid and expect the worst.” In response, Poland's government issued a statement noting that Russia has a history of such disinformation campaigns and that the Polish in the message was clearly not from a native speaker.

Tensions between Ukraine and Russia have been running high in recent months after Moscow amassed an estimated 100,000 troops near Ukraine's border.

NATO Secretary-General Jens Stoltenberg said Friday that the alliance will continue to provide “strong political and practical support” to Ukraine in light of the cyberattacks.

“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation,” Stoltenberg said in a statement.

Russia has a long history of cyberattacks against Ukraine, including nearly thwarting its 2014 national elections and briefly crippling parts of its power grid during the winters of 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus that targeted Ukrainian businesses and caused more than $10 billion in damage globally.

Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure ever since. Zhora has told the AP that officials are particularly concerned about Russian attacks on the power grid, rail network and central bank.

Experts have said recently that the threat of another such cyberattack is significant as it would give Russian President Vladimir Putin the ability to destabilize Ukraine and other ex-Soviet countries that wish to join NATO without having to commit troops.

“If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told the AP in an interview last week.

Conway was in Ukraine last month conducting a simulated cyberattack on the country’s energy sector. The U.S. has been helping Ukraine bolster its cyber defenses through agencies including the Department of Energy and USAID.

The White House didn't immediately respond to a request seeking comment.

In a separate development Friday, Russia's Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang, which was behind last year’s Fourth of July weekend supply-chain attack targeting the Florida-based software firm Kaseya. The attack crippled more than 1,000 businesses and public organizations globally.

The FSB claimed to have dismantled the gang, but REvil effectively disbanded in July. Cybersecurity experts say its members largely moved to other ransomware syndicates. They cast doubt Friday on whether the arrests would significantly impact Russian-speaking ransomware gangs, whose activities have only moderately eased after a string of high-profile attacks on critical U.S. infrastructure last year including the Colonial Pipeline.

The FSB said it raided the homes of 14 group members and seized over 426 million rubles ($5.6 million), including in cryptocurrency, as well as computers, crypto wallets and 20 elite cars “bought with money obtained by criminal means.” All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects weren't named.

According to the FSB, the operation was conducted at the request of U.S. authorities, who reported the leader of the group to officials in Moscow. It's the first significant public action by Russian authorities since U.S. President Joe Biden warned Putin last year that he needed to crack down on ransomware gangs in his country.

Experts said it was too early to know if the arrests signal a major Kremlin crackdown on ransomware criminals — or if it may just have been a piecemeal effort to appease the White House.

Bill Siegel, CEO of the ransomware response firm Coveware, said he'll be watching to see what kind of prison time those arrested get. “The follow-through on sentencing will send the strongest signal one way or another as to IF there has truly been a change in how tolerant Russia will be in the future to cyber criminals,” he said via email.

Yelisey Boguslavskiy, research director at Advanced Intelligence, said that while the arrests do follow a pattern of Kremlin pressure on ransomware criminals — including in some cases prompting them to hand over decryption keys — those arrested could simply be low-level affiliates, not the core group that managed the data-scrambling malware. The REvil syndicate also apparently ripped off some affiliates so it had enemies in the criminal underground, he said.

REvil’s attacks crippled tens of thousands of computers worldwide and yielded at least $200 million in ransom payments, Attorney General Merrick Garland said in November when announcing charges against two hackers affiliated with the gang.

Such attacks brought significant attention from law enforcement officials around the world. The U.S. announced charges against two affiliates in November, hours after European law enforcement officials revealed the results of a lengthy, 17-nation operation. As part of that operation, Europol said, a total of seven hackers linked to REvil and another ransomware family have been arrested since February.

The AP reported last year that U.S. officials, meanwhile, shared a small number of names of suspected ransomware operators with Russian officials, who have said they were investigating.

Brett Callow, a ransomware analyst with the cybersecurity firm Emsisoft, said that whatever Russia's motivations may be, the arrests would “certainly send shockwaves through the cybercrime community. The gang’s former affiliates and business associates will invariably be concerned about the implications.”


Frank Bajak reported from Boston, Litvinova reported from Moscow. Catherine Gaschka in Brest, France, Alan Suderman in Richmond, Virginia, and Eric Tucker in Washington, contributed to this report.
