No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia.
“As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” Oleg Nikolenko, MFA spokesperson, tweeted.
The Security Service of Ukraine (SSU), the country’s law-enforcement authority, alluded to possible Russian involvement, pointing to hacker groups associated with the Russian secret services and describing the intrusions as a supply chain attack that involved hacking the “infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack.”
Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS (CVE-2021-32648), which could be abused by an adversary to gain access to an account using a specially crafted request.
The breach targeted a number of government websites, including those for Ukraine’s Cabinet, education, agriculture, emergency, energy, veterans affairs, and environment ministries, among others; 10 of the websites were “subjected to unauthorized interference.”
The security agency, however, stressed that the content of the sites was not altered and that no sensitive personal data was stolen.
“Provocative messages were posted on the main page of the websites,” the SSU said. “The content of the sites was not changed, and, according to preliminary information, no leakage of personal data occurred.”
This is far from the first time Russia has set its sights on Ukraine. In December 2015, a nation-state adversary tracked as Sandworm targeted the power grid, resulting in unprecedented blackouts for roughly 230,000 consumers in the nation.
Two years later, Ukraine was also on the receiving end of the devastating NotPetya wiper malware campaign by the Sandworm military hackers, which erased confidential data from the computers of banks and energy firms.
Then in November 2021, the SSU unmasked the real identities of five Russian intelligence officials allegedly involved in over 5,000 cyberattacks attributed to a cyber-espionage group named Gamaredon aimed at public authorities and critical infrastructure located in the country.
“The purpose of such attacks is to destabilize the internal situation in the country, as well as to sow chaos and disbelief in society,” the Center for Strategic Communications and Information Security said, noting the hacks amount to “psychological pressure and intimidation.”