Ukraine Government and Embassy Websites Attacked

Tensions are high right now in Eastern Europe. Russia has massed troops on the border of Ukraine and continues to stoke fears that they will invade and forcibly annex the former Soviet state. There has not been any overt military action as of yet, but there was a bit of a “warning shot” today as more than a dozen Ukrainian government websites—as well as websites for the US, UK, and Swedish embassies—were targeted by a cyberattack.

Ukraine Cyberattack

A report from the BBC says that a message briefly appeared before the websites were taken down, warning Ukrainians to “prepare for the worst”.

The cyberattack knocked the websites offline and replaced them with a message posted in Ukrainian, Russian, and Polish, which states:

"Ukrainian! All your personal data has been uploaded onto the public internet," the message read. It continued: "This is for your past, your present and your future."

Ukrainian intelligence denies that any personal data has been leaked, and claims based on initial assessments that no content has been changed. However, Ukraine also proactively suspended a number of websites to prevent any further attack. 

Intimidation and Fear

This attack is concerning because cyberattacks are anticipated as a first move for an actual invasion. If or when Russia actually makes a move on Ukraine, it is reasonable to assume they will also employ cyberattacks as part of a hybrid attack. In modern conflicts, nations can disrupt communications or defenses to create chaos and gain an advantage as they launch a physical attack. 

This seems like a natural progression of propaganda. It is analogous to leaflets being dropped from airplanes to trigger fear amongst a population–which is a common practice used by nations in previous conflicts.

Website security is often more lax than in other areas and often hosted outside of a network which is more tightly secured. Websites, of course, are internet-facing and historically less likely to be patched which makes them easy targets for compromise. 

I believe this attack achieved its objectives. The media has further amplified the compromises and the average person may not understand the difference between a website defacement and a more serious intrusion. If nothing else, it is an intimidating “show of power” that might undermine the confidence of the Ukrainian population and military, or influence support from allied nations. 

Response and Escalation

Ukraine is strategically relevant between Russia and the West. It is geographically and culturally important, and there has been low-level simmering with occasional flare-ups in the region–both physically and digitally–for years. Tension in Ukraine is very high right now, and the conflict almost seems like a proxy battle between Russia and the United States. 

It remains to be seen how Ukraine or the United States or other allies will respond. The men and women in the Ukraine in charge have a massive challenge, but they seem from outside to be handling it. The reasonable approach seems to be for Ukraine to stay the course and to call for help if they need it from the private sector and allies. Any move can trigger responses, so there are no simple options–but in the end the preparations that Ukraine has made have been extensive in the last decade.

We do not know yet whether Russia itself is actually behind this attack, or if it was coordinated by patriotic Russian sympathizers. Whether Russia actually executed or ordered it, though, it’s fair to assume this falls under state-ignored cyber activity—where Russian authorities conveniently look the other way as long as cybercriminals are doing things that align with state objectives. 

What we have so far is the poor man’s cyberattack. Web defacement is simple, flashy, and largely irrelevant. The fact that nothing more serious has happened means that Russia or whoever is behind these attacks either hasn’t broken out the bigger cyber armament or that the Ukraine is more resilient than it has been in the past.

 

Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. More resources around emerging threats tied to the Russian aggression in Ukraine can be found hereLearn more about Cybereason AI-driven  XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Ken Westin
About the Author

Ken Westin

Ken Westin is Director of Security Strategy at Cybereason. Ken has been in the security field for over 15 years, working with companies to bolster their security posture through threat hunting, insider threat programs and vulnerability research. In the past, he has worked closely with law enforcement, helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America and others, and he is regularly reached out to as an expert on cybersecurity, cybercrime and surveillance.

All Posts by Ken Westin