No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia.
“As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” Oleg Nikolenko, MFA spokesperson, tweeted.
The Security Service of Ukraine, the country’s law-enforcement authority, alluded to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the “infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack.”
Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS (CVE-2021-32648), which could be abused by an adversary to gain access to an account using a specially crafted request.
The breach targeted a number of government websites, including those for Ukraine’s Cabinet, education, agriculture, emergency, energy, veterans affairs, and environment ministries, among others, 10 websites of which were “subjected to unauthorized interference.”
The security agency, however, stressed that content of the sites was not altered and that no sensitive personal data was stolen.
“Provocative messages were posted on the main page of the websites,” the SSU said. “The content of the sites was not changed, and, according to preliminary information, no leakage of personal data occurred.”
This is far from the first time Russia has set its sights on Ukraine. In December 2015, a nation-state adversary tracked as Sandworm targeted the power grid, resulting in unprecedented blackouts for roughly 230,000 consumers in the nation.
Two years later, Ukraine was also at the receiving end of the devastating NotPetya wiper malware campaign by the Sandworm military hackers that erased confidential data from the computers of banks and energy firms.
Then in November 2021, the SSU unmasked the real identities of five Russian intelligence officials allegedly involved in over 5,000 cyberattacks attributed to a cyber-espionage group named Gamaredon aimed at public authorities and critical infrastructure located in the country.
“The purpose of such attacks is to destabilize the internal situation in the country, as well as to sow chaos and disbelief in society,” the Center for Strategic Communications and Information Security said, noting the hacks amount to “psychological pressure and intimidation.”