MaksymFilipchuk - stock.adobe.co

Nato offers tech support after 'massive cyber attack' hits Ukraine

Speculation mounts that Russia is behind a cyber attack which defaced Ukrainian government websites amid growing international tension

Nato has pledged support to Ukraine after it was hit by a “massive cyber attack” which has taken multiple government websites offline.

The general secretary of Nato, Jens Stoltenberg, said the alliance would sign an enhanced cyber security agreement with Ukraine within the next few days.

Nato experts were already providing support to Ukraine “on the ground” and were sharing information on the “malicious cyber attacks” that hit the country today (14 January 2022).

The attack comes in the wake of tense negotiations between Russia, the US and Nato this week over Russia’s build-up of 100,000 troops on the Ukrainian border. Speculation grew today over the origin of the attacks, with many Ukrainians pointing the finger at Russia despite attempts by the hackers to deflect attention to Poland.

‘Be afraid’

The majority of government sites were inaccessible, including websites of the Foreign Ministry, the anti-monopoly committee, and Diaa, which is the online platform used by citizens to access passports, vaccination certificates and other services, according to a source in the Ukraine.

The official websites for the Office of the President, Volodymyr Zelensky, and the Ukranian parliament escaped the attack. The mobile version of Diaa was also working.

The hackers posted messages on Ukrainian government websites warning people that “all your personal data has been uploaded to the public network” and to “be afraid and expect the worst”.

They featured drawings of the Ukrainian flag and a map of the Ukraine, both of which were crossed out.

Hacker message
Message from hackers posted on Ukraine government websites

The text, which was partly written in Polish, referred to controversial events in Ukraine’s history over its relationship with Poland. But there are clear mistakes in the text, prompting suggestions of an attempt to deflect responsibility for the attack to Polish hackers.

The message posted by hackers is in the Polish language, but Polish newspapers and Ukrainians who fluently speak Polish found several mistakes in the text which mean it is Google or another translation service,” one commentator in the Ukraine told Computer Weekly. “So I strongly believe those hackers are Russians trying to hide under Ukrainian-Polish historical issues,” he said.

Nato offers cyber support

Stoltenberg issued a statement strongly condemning the attacks against Ukraine.

“Nato cyber experts in Brussels have been exchanging information with their Ukrainian counterparts on the current malicious cyber activities. Allied experts in the country are also supporting the Ukrainian authorities on the ground,” he said.

“In the coming days, Nato and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to Nato’s malware information sharing platform. Nato’s strong political and practical support for Ukraine will continue,” he added.

Jens StoltenbergNato

 “Nato’s strong political and practical support for Ukraine will continue”

Jens Stoltenberg, Nato general secretary

.

Oleg Nikolenko, spokesman for the Ministry of Foreign Affairs in the Ukraine, confirmed that the attack had hit the websites of government agencies.

“As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” he said in a post on Twitter“Our specialists have already started restoring the work of IT systems, and the cyber police has opened an investigation.”

Messages posted on the hacked web sites, claimed – implausibly – that the perpetrators had accessed Ukrainian citizens’ personal data and published it on the web.

Ukrainian! All your personal data has been uploaded to the public network. All data on the computer is destroyed, it is impossible to recover. All information about you has become public, be afraid and expect the worst,” it said.

The hackers made references to incidents in Ukranian history, including the annexing of Volyn, formerly part of Poland, to the Ukraine in 1939, which led to the deportation of thousands of Poles to Siberian labour camps.

Other references were made to the Organisation for Ukrainian Nationalists (OUN), a far-right group that operated in Galicia, part of Poland before the second world war. The organisation regarded Poland as a political enemy.

“This is for your past, present and future. for Volyn, for the OUN UPA, for Galicia, for Polissya and for historical lands. Ukrainian! All your personal data has been uploaded to the public network. All data on the computer is destroyed, it is impossible to recover it,” the statement read, according to a translation of a screenshot of the message captured by BuzzFeed’s reporter in Ukraine, Christopher Miller.

Police investigation

Ukraine’s cyber police department said in a statement that the attack had defaced websites with provocative messages, but that the contents of computer systems had not been affected and that no personal data had been lost.

“In order to prevent the spread of the attack on other resources and localisation of the technical problem, the work of other government sites was temporarily suspended,” the statement said.

The cyber police department, together with the State Special Communications Service and the Security Service of Ukraine, have begun collecting digital evidence and identifying those involved in the cyber attacks.

“Most of the attacked state resources have already been restored, and others will be available soon,” it said.

A spokesperson for the US State Department said on Friday evening that the US would offer support to the Ukraine.

“We are in touch with the Ukrainians and have offered our support as Ukraine investigates the impact and nature and recovers from the incidents. While we continue to assess the impact with the Ukrainians, it seems limited so far with websites coming back online,” the spokesperson said.

Read more on nation state cyber attacks

Read more on Web application security