Ukrainian law enforcement agencies said more than 70 state websites were attacked on Friday and accused hacker groups associated with Russian secret services of potentially being behind the incident.
The attack, which Ukrainian officials initially called “massive,” took down several government websites in Ukraine, including those for the Ukrainian Foreign Ministry and the Ministry of Education and Science.
In a statement, the Security Service of Ukraine, State Special Service and Cyber Police said 10 of the government websites “were subjected to unauthorized interference.” Ukrainian news outlet Ukrinform said the websites for the country’s energy, treasury, environment, veterans, and state emergency service departments were defaced.
The agencies said the content on the sites was not changed and no personal data was taken during the incident, despite the claims made by the hackers.
“Our specialists, together with the administrators of ministries and departments, have restored the work of most web resources. Also at the initiative of the SBU, a number of critical state resources were cut off, including public services portal Action, to localize the technical problem and to prevent the spread of the attack. The mobile application Action worked and works in a regular mode,” the statement said.
“At the same time, the report that hackers exploited a specific vulnerability of the content management system that appeared in the media during the day was just one of the versions that was being worked out. Now, at the end of the day, we can say with high probability that there was a so-called supply chain attack, among others. The attackers hacked the infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack.”
Law enforcement officials in the country are still in the process of investigating the incident and collecting evidence, noting that their investigation will continue through the weekend. The Ukrainian CERT released its own message saying the attack may have related to a vulnerability in a CMS system that was discovered last year.
The Ukrainian tech company behind many of the websites, Kitsoft, said in a statement on Facebook that it was not the only company that had websites defaced.
The company called the attack “complex” and said it generally checks for vulnerabilities but was only contracted to build the sites, not provide support. They said not all of their government customers had contracts for site support and everything was “handed over to the customer” once the sites were built.
“In order to prevent such attacks against the state, it is important to allocate resources for regular support and upgrade IT systems,” the company said.
The incident — which took place as Russia threatens to invade Ukraine — caused significant outrage across Europe but led some to question whether the concern over the attack was warranted considering the the lack of tangible damage done. Cybersecurity expert and journalist Kim Zetter, one of the first to notice the attack, said “it helps the perpetrator of the attack spread fear and their misinformation campaign when people make more out of an attack than it merits.”
Other experts said even calling the incident an “attack” was an exaggeration. But despite the criticisms, foreign ministers across Europe released statements condemning the incident and pledging support for Ukraine, including officials from Belgium, Bulgaria, Latvia, Denmark, Lithuania, Poland, Norway and Romania.
NATO secretary general Jens Stoltenberg said cyber experts in Brussels were sharing information with Ukrainian officials and others were supporting Ukraine “on the ground.”
“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform. NATO’s strong political and practical support for Ukraine will continue,” Stoltenberg said.
In addition to the website defacements, Ukraine’s largest gas retail also reported a cyberattack although it is unclear if the two were tied together. Oleg Nykonorov, CEO of РГК, wrote on Facebook that they too were attacked but said it was stopped before any damage could be done.