Large-Scale Cyberattack Tells Ukrainians to "Be Afraid"
A massive cyberattack has taken down about 70 different websites belonging to the Ukrainian government and Ukrainian public institutions. The Ukrainian foreign ministry website was defaced with a number of symbols, including a crossed-out Ukrainian national flag and a grim-sounding message.
The attack took place last Friday, as tensions in the region were high and negotiation talks between Western countries and Russia did not come to any meaningful conclusion.
Grim Words and Threats
The message that showed up on the government website was written in Ukrainian, Russian and Polish. The gist of the message was this: "Ukrainians! All information about you has become public, be afraid and expect the worst." This threat was followed by hints at claims on the part of the attackers to the territories of Galicia, Polesia, and what the message calls "historical lands". The OUN (the Organization of Ukrainian Nationalists), a far-right Ukrainian organization, was also mentioned alongside those territories.
The reach of the attack was massive, as it crippled a number of public-facing government websites, as well as other state web infrastructure.
Uncertain Origins
Security experts did not include any threat actor assessment in their analysis and stated it was too early to name an attacker with certainty, even though EU diplomat Josep Borrell, as quoted by Threatpost, implied it was not impossible "to imagine" how the attack originated.
Additionally, Darktrace analyst Toby Lewis stated that similar attacks should also be taken "with a grain of salt", as they might be engineered to mimic the activities of extreme nationalist and "separatist groups". Similar attacks are also used to distract from a more dangerous covert cyberattack and to lead IT security to look in a different direction. The analysis also confirms that the defaced websites were public-facing portals and did not contain any sensitive or personally identifiable information, contrary to what the defacement note suggests. Additionally, Ukrainian officials confirmed that the attack had more to do with the "operability" and accessibility of websites than with the data contained on them.