Ukraine said on Sunday it had “evidence” of Russia’s involvement in a large-scale cyberattack that targeted several government sites this week, amid heightened tensions between Kiev and Moscow.
“To date, all evidence points to Russia being behind the cyber attack,” Ukraine’s Ministry of Digital Transformation said in a statement.
The cyberattack carried out overnight from Thursday to Friday targeted the sites of several Ukrainian ministries, which remained inaccessible for several hours.
This sabotage, according to the ministry, “is a manifestation of the hybrid war that Russia has been waging against Ukraine since 2014, the year of the annexation of Crimea by Moscow, which was followed by an ongoing conflict between forces from Kiev and pro-Russian separatists in the east of the country (more than 13,000 dead).
The aim is “not only to intimidate society”, but also to “destabilize the situation in Ukraine” by “undermining the confidence of Ukrainians in their power” with “false information about the vulnerability of state IT structures” , according to the ministry.
Kiev and its Western allies accuse Moscow of having deployed nearly 100,000 soldiers on its border for an aggression.
According to experts, a possible invasion could be preceded by computer sabotage aimed at disorganizing the Ukrainian authorities.
Talks break down
In this unstable context, the return scheduled for Monday, after a month of absence, of the former Ukrainian president Petro Poroshenko (2014-2019) risks causing a political crisis. Main rival of the current president, Volodymyr Zelensky, Mr. Poroshenko is accused by Kiev of “high treason” for having traded with pro-Russian separatists in the East.
Several talks between Russia and the West this week have failed to calm tensions.
“In general, on questions of principle, we can now say that we are sticking to positions […] totally divergent,” Kremlin spokesman Dmitry Peskov said in an interview with CNN.
“If Russia wants to continue on the diplomatic path, we are quite ready for it. […] If Russia chooses the path of invasion and escalation, we are ready for that too with a firm response,” US National Security Advisor Jake Sullivan told CBS.
“You have to understand that the aggressor is Russia,” NATO Secretary General Jens Stoltenberg told the Canadian public broadcaster CBC on Sunday. “Russia must engage in a de-escalation”, but we must also “send to Russia the message that we are ready to discuss and listen to its concerns”.
The United States on Friday accused Moscow — which denied — of deploying agents to carry out “sabotage” operations in Ukraine to create a “pretext” for an invasion.
“No one is threatening anyone with military action […] It would be madness, ”assured Dmitri Peskov on CNN. “But we will be ready to retaliate” if NATO rejects Russian demands.
Russia is calling for “guarantees” aimed, according to it, at ensuring its security, starting with a NATO commitment not to accept Kiev as a member.
Microsoft Disclaimer
Mr. Peskov denied any role of his country in the cyberattack.
On Friday, the Ukrainian Secret Service (SBU) said the attacks targeted 70 government websites, 10 of which were subject to “unauthorized interference”, but “their content was not modified and no leaks of personal data has taken place”.
“Ukraine has a long history of Russian sabotage; they are used to responding to it and getting over it,” commented John Bambenek, an analyst at Netenrich, a cybersecurity firm.
But US IT giant Microsoft warned on Sunday that the massive cyberattack could render the Ukrainian government’s entire IT structure inoperable.
Although the malware detected resembles ransomware, which generally blocks access to the computer by demanding the payment of a ransom, it is in fact intended “to destroy and render inoperable the targeted sites, and not to recover a ransom,” Microsoft wrote on its blog.
Additionally, the attack appears to have targeted more organizations than initially thought.
“We found this malware on dozens of systems belonging to the government, but also to NGOs and information technology organizations, all based in Ukraine,” said Microsoft, which could not identify the origin. attacks at the moment.
“This type of action is part of the Russian doctrine […] of destabilizing its geopolitical enemies”, underlined Rick Holland, vice-president of the American cybersecurity company Digital Shadows, before mentioning in particular the cyberattacks during the annexation of Crimea in 2014.