The websites of the Cabinet of Ministers of Ukraine and of the ministries of foreign affairs, infrastructure, education and others, were disrupted.
In a separate and potentially more serious hack a few hours earlier, a data eraser was found on hundreds of computers in Ukraine, according to cybersecurity researchers. that a destructive cyber attack is taking place amid Russia’s military escalation.
Taken together, the incidents represent a clear escalation in cyberattacks on Ukrainian infrastructure as the US and its allies warn of an impending Russian invasion of Ukraine and impose sanctions against Russian banks and elites. In a televised address, Russian President Vladimir Putin announced military action in Ukraine’s Donbas region on Thursday morning, calling on Ukrainian forces to lay down their weapons and go home.
Charles Carmakal, senior vice president and chief technology officer of cybersecurity firm Mandiant, told CNN: “We know of many commercial and government organizations in Ukraine affected by destructive malware today. today”.
The hacks occurred as United Nations Secretary-General António Guterres issued an 11-hour appeal asking Russia to limit military action.
“If indeed an operation is being prepared, I have only one thing to say from the bottom of my heart: President Putin, stop your army from attacking Ukraine,” Guterres said at an emergency meeting of the Russian Federation. United Nations Security Council on Wednesday night in New York. . “Give peace a chance. Too many people have died.”
US officials have warned that Russia will most likely use cyber operations in conjunction with military action in Ukraine. Last month, President Joe Biden said the US could respond with cyber operations if Russia carried out more cyberattacks in Ukraine.
Website disruption early Thursday in Ukraine follows news Wednesday afternoon of a cyberattack that temporarily took down the websites of the Ukrainian Parliament, the Security Service and the Cabinet of Ministers.
It remains unclear who is responsible for the vandalism attack or the website disruption early Thursday morning. The Ukrainian government did not immediately respond to CNN’s request for comment.
Ukraine’s State Department of Special Information and Communications Protection said the cyberattacks on websites reported earlier on Wednesday were “a continuation” of cyberattacks against websites. by the Ukrainian government on February 15. The White House blamed Russia’s military intelligence agency, the GRU, for those attacks. , are called distributed denial of service (DDoS) attacks because they overwhelm computer servers with fake traffic and take websites offline. The Russian Embassy in Washington denied the allegation.
However, of all the network problems, the destructive data wipe tool – known as “wiper” malware – is likely to be affected the most. Wiper malware often deletes data from computers and renders them inoperable. That has the potential to make it difficult for organizations trying to stay online during a conflict.
Vikram Thakur, technical director of Broadcom’s Symantec cybersecurity unit, said the attack hit at least one Ukrainian financial institution and two Ukrainian government contractors, one based in Latvia and the other. present in Lithuania.
According to cybersecurity firm ESET, the malware has affected “major organizations” in Ukraine. The hack tool appears to have been created two months ago, but “just rolled out today and we just saw it,” said Jean-Ian Boutin, ESET’s head of threat research. in Ukraine”.
The goal right now for key Ukrainian government agencies and businesses is resilience in the face of a wave of attacks. Some agencies were able to get back online relatively quickly after last week’s DDoS attacks. The US government and many of its allies, along with private sector experts, are supporting Ukraine’s cybersecurity on the ground and remotely.
Senator Mark Warner, a Virginia Democrat who chairs the Senate Intelligence Committee, told CNN: “With a leading cyber power like Russia, you won’t be able to stop them 100 percent, so the goal is The goal is resilience”.
When asked if the US should conduct its own hacking operations in response to Russian activities in Ukraine, Warner said that the US generally avoids “opening Pandora’s Box under conditions of cyber escalation”.
“So far, it’s been the right approach,” Warner added. He added: “But we have never seen a case like this where Putin was ready to deploy 190,000 troops” and threatened Kyiv. “We don’t know what he’s going to do in the cyber arena.”
This title and story has been updated with additional reporting.
Tim Lister of CNN in Kyiv contributed to this report.
