Ukraine has claimed Russia was most likely behind the attack, which affected the websites of the Foreign Ministry and a number of other government agencies.
Oleg Nikolenko, spokesman for the Ukrainian Foreign Ministry, tweeted on Friday that “the investigation is still ongoing but the Ukrainian Security Service has obtained preliminary indicators suggesting that groups of hackers associated with the Russian secret service could be behind today’s massive cyberattack on government websites.”
Ukraine’s Communications Intelligence Service said in a statement that as many as 70 websites of central and regional authorities were targeted.
“This is not the first time or even the second time that Ukrainian Internet resources have been attacked since the start of Russian military aggression,” Ukraine’s information ministry said in a statement.
Most of the affected state resources have already been restored, according to Ukraine’s security service, which said personal data was not breached.
Early Friday morning local time, Ukrainian government websites, including that of the Foreign Ministry, displayed dark screens with threatening text stating that Ukrainians’ personal information had been hacked.
“Ukrainian! All your personal data has been uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it,” reads the message, published in Ukrainian, Russian and Polish.
“All information about you has become public, be afraid and expect the worst. This is for you for your past, your present and your future. For Volhynia, for OUN UIA [Organization of Ukrainian Nationalists Ukrainian Insurgent Army], for Galicia, for Polesia and for historic lands,” the webpage reads.
The UIA and OUN were Ukrainian ultra-nationalist groups that fought for independence during the Soviet era, while Galicia, Volhynia and Polesia are areas from which they historically enjoyed high levels of support.
A statement from Ukraine’s Ministry of Culture and Information Policy suggested the text mentioned the groups and regions as “a means of concealing the ‘Russian footprint’ from hackers”.
“It is obvious that this was done on purpose to cast a shadow over the hacker attack on Poland: Russia and its proxies have been working for a long time to create a feud between two friendly neighboring countries,” the ministry added in a statement. .
Ukraine’s Security Service said in a statement that although “provocative messages were posted on the main page of these sites”, the content of the sites was not changed, adding “the leakage of personal data, according to the preliminary information, did not occur.”
The websites of the Ministries of Education, Foreign Affairs, Sports, Energy, Agrarian Policy, Veterans Affairs, Environment and Ukrainian State Emergency Service and State Treasury were targeted, according to state media Ukrinform.
On Friday, the Ministry of Education and Science, whose official website is down, asked citizens to use the ministry’s official social networks while the issue is being resolved.
The head of Ukraine’s technical security and intelligence service, Yuri Shchigol, said nearly 70 websites of central and regional authorities were affected.
“It appears that each of these sites was developed on behalf of the Ukrainian government by a Ukrainian company called Kitsoft,” said Matt Olney, director of threat and interdiction intelligence at Talos, the intelligence unit on threats from tech giant Cisco, to CNN. “While obviously unfortunate, we do not view this event alone as indicative of an increase or decrease in [cyber] risk in Ukraine,” he added.
Oleksandr Iefremov, CEO of Kitsoft, said the company is “actively involved in restoring” the government websites it supports. Not all Ukrainian government websites affected by the hack run Kitsoft software, Iefremov said in a statement sent to CNN.
“We test for vulnerabilities, bugs and update government websites that are supported by the Kitsoft company in a timely manner,” Iefremov said. “Unfortunately, not all customers order support from the website, so we didn’t have access to it.”
While the Ukrainian government has suggested Russian involvement in the hack, outside experts say they cannot make that attribution without forensic evidence.
Oleh Derevianko, founder of Kyiv-based cybersecurity firm ISSP, said he was not surprised by the degradation of government websites.
“It’s a good illustration of how you can use a simple disfigurement attack as an info ops tool when everyone is so nervous and agitated about a possible invasion,” he said. told CNN.
Attacks add to ‘already tense situation’
EU foreign policy chief Josep Borrell condemned the cyberattack, warning it contributes to the “already tense situation” in the region.
At a joint press conference with the French foreign minister in Brest, France, on Friday, Borrell, the EU’s high representative for foreign affairs and security policy, said he had convened a emergency meeting after learning of the attack on Ukrainian government websites.
“Such actions aimed at destabilizing Ukraine contribute to a further escalation of the already tense situation,” Borrell said.
When asked if Russian governmental or non-governmental actors were behind the attacks, Borrell replied that while he didn’t want to “point fingers”, there “is some probability as to their origin”.
Ukrainian Foreign Ministry spokesman Oleg Nikolenko said on Friday it was “too early to draw conclusions” about the origin of the attack, but said there was “a long list of Russian cyberattacks against Ukraine in the past”.
Separately, the Ukrainian Defense Ministry alleged in a statement on Friday that Russian special services were preparing provocations against servicemen of the Russian Armed Forces in order to accuse Ukraine.
The statement from the ministry’s intelligence directorate said, “Military units of the aggressor country and its satellites are ordered to prepare for such provocations.”
CNN has contacted the Russian Ministry of Defense to comment on both allegations.
Tensions with Russia at their highest
The United States and Russia met this week for high-stakes talks aimed at averting a war, as Russia continued to amass troops near Ukraine’s borders amid a dispute over the activities of NATO in Eastern Europe and the prospect of Ukraine joining the military alliance.
Ukraine has said Russia is trying to destabilize the country ahead of any planned military invasion, and Western powers have repeatedly warned Russia against further aggressive moves.
The Kremlin denies plans to attack and argues that NATO support for Ukraine – including increased arms supplies and military training – poses a growing threat on the flank western Russia.
A senior US official has warned that “the drumbeat of war is ringing loudly” after a week of talks that ended on Thursday without clear breakthroughs.
Russian officials have suggested they are close to abandoning talks over the refusal of the United States and NATO to meet Moscow’s main demands: a guarantee that Ukraine will never be allowed to join the NATO and that the alliance cancels its expansion in Eastern Europe.
On Friday, Russian Foreign Minister Sergey Lavrov told a press briefing that while Moscow’s proposals “are aimed at reducing military confrontation, defusing the overall situation in Europe, exactly the opposite is happening. In Occident”.
He said: “We absolutely do not accept the appearance of the North Atlantic Alliance on our borders, especially given the trajectory followed by the Ukrainian leadership – both past and present. These are really red lines and they know this.”
Katharina Krebs reported from Kyiv and Jake Kwon reported from Seoul. Jeremy Herb, Jennifer Hansler, Alex Marquardt, Kylie Atwood, Sean Lyngaas, Sam Kiley and Dalal Mawad contributed reporting.