Massive Cyber Attack Knocks Down Ukrainian Government Websites

No fewer than 70 websites operated by the Ukrainian government
went offline on Friday for hours in what appears to be a
coordinated cyber attack amid heightened tensions with Russia.

“As a result of a massive cyber attack, the websites of the
Ministry of Foreign Affairs and a number of other government
agencies are temporarily down,” Oleg Nikolenko, MFA spokesperson,
tweeted ^[1].

The Security Service of Ukraine, the country’s law-enforcement
authority, alluded ^[2]
to a possible Russian involvement, pointing fingers at the hacker
groups associated with the Russian secret services while branding
the intrusions as a supply chain attack that involved hacking the
“infrastructure of a commercial company that had access to the
rights to administer the web resources affected by the attack.”

Prior to the update from the SSU, the Ukrainian CERT ^[3] claimed that the attacks
may have exploited a security vulnerability in Laravel-based
October CMS (CVE-2021-32648 ^[4]), which could be abused
by an adversary to gain access to an account using a specially
crafted request.

The breach targeted a number of government websites, including
those for Ukraine’s Cabinet, education, agriculture, emergency,
energy, veterans affairs, and environment ministries, among others,
10 websites of which were “subjected to unauthorized
interference.”

The security agency, however, stressed that content of the sites
was not altered and that no sensitive personal data was stolen.

“Provocative messages were posted on the main page of the
websites,” the SSU said ^[5]. “The content of the
sites was not changed, and, according to preliminary information,
no leakage of personal data occurred.”

This is far from the first time Russia has set its sights on
Ukraine. In December 2015, a nation-state adversary tracked as
Sandworm ^[6]
targeted ^[7]
the power grid, resulting in unprecedented blackouts for roughly
230,000 consumers in the nation.

Two years later, Ukraine was also at the receiving end of the
devastating NotPetya ^[8]
wiper malware campaign by the Sandworm military hackers that erased
confidential data from the computers of banks and energy firms.

Then in November 2021, the SSU unmasked ^[9]
the real identities of five Russian intelligence officials
allegedly involved in over 5,000 cyberattacks attributed to a
cyber-espionage group named Gamaredon aimed at public authorities
and critical infrastructure located in the country.

“The purpose of such attacks is to destabilize the internal
situation in the country, as well as to sow chaos and disbelief in
society,” the Center for Strategic Communications and Information
Security said ^[10], noting the hacks
amount to “psychological pressure and intimidation.”

References

^{^}
tweeted
(twitter.com)
^{^}
alluded
(ssu.gov.ua)
^{^}
Ukrainian CERT
(cert.gov.ua)
^{^}
CVE-2021-32648
(nvd.nist.gov)
^{^}
said
(ssu.gov.ua)
^{^}
Sandworm
(malpedia.caad.fkie.fraunhofer.de)
^{^}
targeted
(en.wikipedia.org)
^{^}
NotPetya
(en.wikipedia.org)
^{^}
unmasked
(thehackernews.com)
^{^}
said
(spravdi.gov.ua)