While it wasn’t immediately clear who was behind the cyberattack, the disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.
Moscow had previously denied involvement in cyberattacks against Ukraine.
About 70 websites of both national and regional government bodies have been targeted by the attack, according to Victor Zhora, deputy chair of the State Service of Special Communication and Information Protection. Zhora stressed, however, that no critical infrastructure was affected and no personal data was leaked.
The hack amounted to a simple defacement of government websites, said Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm. The hackers got into a content management system they all use, but “didn’t get access to the websites themselves.”
“It could be just a regular information operation (seeking) to undermine the government’s capability and to create and enhance uncertainty,” added Derevianko. It could also possibly be “part of a planned hybrid attack or longer term and more sophisticated cyber operation which is underway but has not culminated.”
The main question, said Derevianko, is whether this is a standalone hacktivist action or part of a larger state-backed operation.
Tensions between Ukraine and Russia have been running high in recent months after Moscow amassed an estimated 100,000 troops near Ukraine’s border, stoking fears of an invasion. Moscow says it has no plans to attack and rejects Washington’s demand to pull back its forces, saying it has the right to deploy them wherever necessary.
The Kremlin has demanded security guarantees from the West that NATO deny membership to Ukraine and other former Soviet countries and roll back the alliance’s military deployments in Central and Eastern Europe. Washington and its allies have refused to provide such pledges, but said they are ready for the talks.
High-stakes talks this week between Moscow and the U.S., followed by a meeting of Russia and NATO representatives and a meeting at the Organization for Security and Cooperation in Europe, failed to bring about any immediate progress.
NATO Secretary-General Jens Stoltenberg said Friday that the 30-country military organization will continue to provide “strong political and practical support” to Ukraine in light of the cyber attacks.
“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform,” Stoltenberg said in a statement.
European Union foreign policy chief Josep Borrell said Friday that the 27-nation bloc is ready to mobilize all its resources to provide technical assistance to Ukraine and help it improve its capacity to weather cyberattacks.
Asked who could be behind the attack, Borrell said: “I can’t point at anybody because I have no proof, but one can imagine.”
Russia has a long history of launching cyber operations against Ukraine, including a hack of its voting system ahead of 2014 national elections and an assault on the country’s power grid in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus that targeted Ukrainian businesses and caused more than $10 billion in damage globally.
Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure ever since. Zhora has told the AP that officials are particularly concerned about Russian attacks on the power grid, rail network and central bank.
Experts have said recently that the threat of another such cyberattack is significant as it would give Russian President Vladimir Putin the ability to destabilize Ukraine and other former Soviet countries that wish to join NATO without having to commit troops.
“If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told The Associated Press in an interview last week.
Conway was in Ukraine last month conducting a simulated cyberattack on the country’s energy sector. The U.S. has been investing in improving Ukraine’s cyber defenses for several years through various departments, like the Department of Energy and USAID.
The White House didn’t immediately respond to a request seeking comment.
In a separate development Friday, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang and the shutdown of its operation. REvil is a major ransomware syndicate that was behind last year’s Fourth of July weekend ransomware attack that crippled more than 1,000 businesses and public organizations globally.
The FSB said it raided the homes of 14 group members and seized over 426 million rubles ($5.6 million), including in cryptocurrency, as well as computers, crypto wallets and 20 elite cars “bought with money obtained by criminal means.” All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison.
According to the FSB, the operation was conducted upon a request from the U.S. authorities, who reported the leader of the group to officials in Moscow.
It is the first significant public action by Russian authorities since U.S. President Joe Biden warned Putin last year that he needed to crack down on ransomware gangs in his country.
REvil’s attacks have compromised tens of thousands of computers worldwide and yielded at least $200 million in ransom payments, Attorney General Merrick Garland said in November when announcing charges against two hackers affiliated with the gang.
REvil went dark this summer, with both its data-leak site and ransom-negotiating portals going offline, after a series of high-profile ransomware attacks. It was behind a July 2 supply chain ransomware attack that crippled well over 1,000 organizations globally by targeting Florida-based software provider Kaseya. And JBS, the world’s largest meat processor, said in June that it had paid $11 million following a hack by REvil.
Such attacks brought significant attention from law enforcement officials around the world. The U.S. announced charges against two affiliates in November, hours after European law enforcement officials revealed the results of a lengthy, 17-nation operation. As part of that operation, Europol said, a total of seven hackers linked to REvil and another ransomware family have been arrested since February.
The Associated Press reported last year that U.S. officials, meanwhile, shared a small number of names of suspected ransomware operators with Russian officials, who have said they have started investigating. Kremlin spokesman Dmitry Peskov said late last year that countries have been having a useful dialogue.
“This is a huge, huge deal,” Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said of FSB’s announced arrests Friday. “This was a top tier group until recently.”
Frank Bajak reported from Boston, Litvinova reported from Moscow. Catherine Gaschka in Brest, France, Alan Suderman in Richmond, Virginia, and Eric Tucker in Washington, contributed to this report.