A Ukrainian internet service provider used by the country’s military suffered a massive cyberattack on Monday, Ukrainian officials said, fueling fears that Russia intends to wield more dangerous digital weapons as the war drags into its second month.
The attack on Ukrtelecom PJSC was described by some experts as among the most harmful cyberattacks since the Russian invasion of Ukraine on Feb. 24. About 3:30 p.m. ET on Monday, Ukrainian officials said that they had repelled the attack, and that the company could restore services, according to a statement from Ukraine’s State Service of Special Communication and Information Protection, which is responsible for cybersecurity in the country.
The Ukrainian cyber agency’s statement didn’t say who was responsible for the cyberattack. Security experts have said Russian-linked hackers have launched a variety of cyberattacks against financial services companies, internet service providers and government agencies since this February, in the run-up to the Feb. 24 invasion and after.
Russia has denied involvement in cyberattacks.
Ukrtelecom says it is the largest provider of landline telephone service in Ukraine. It is the seventh-largest internet service provider in the country, said
Doug Madory,
director of Internet analysis with network-monitoring firm Kentik Inc.
Ukrtelecom’s ability to connect to the internet to provide services to customers began dropping about 5 a.m. ET and gradually fell off throughout the day Monday, according to data from the Georgia Institute of Technology’s Internet Outage Detection and Analysis project, which monitors internet blackouts. Within five hours, the company was almost completely offline, Mr. Madory said.
After the attack began, the company began limiting service to the majority of its business and consumer customers to preserve capacity for its military customers, the SSSCIP said.
As of 4:30 p.m. ET, about 8% of the Ukrtelecom networks that the Georgia Tech internet outage project measures were online.
Ukrtelecom didn’t return messages seeking comment, but the company acknowledged service outages in a post Monday to its
page, and said it was working to restore stable service as soon as possible.
The disruption was confirmed by multiple groups that monitor internet traffic. Netblocks, an internet observatory that has tracked previous outages in Ukraine, said on Twitter that network data showed “an ongoing and intensifying nation-scale disruption to service, which is the most severe registered since the invasion by Russia.”
Cybersecurity experts and U.S. officials have been surprised by the lack of major disruptive or destructive cyberattacks during the Ukraine conflict, as Russia is widely viewed to have some of the most capable state-sponsored hacking groups in the world, and Moscow has previously been blamed for launching cyberattacks that disrupted Ukraine’s government, electricity grid and financial services.
The malicious cyber activity has largely been confined to service disruptions of websites and the limited deployment of so-called wiper malware, which can destroy computer files. Still, U.S. officials have grown increasingly concerned that Moscow could lash out either in Ukraine or against the West in response to its struggles on the battlefield and punishing sanctions enacted by the U.S. and Europe.
Last week, President Biden said there was evolving intelligence that suggested Russia was exploring options to target the U.S. with cyberattacks.
Write to Robert McMillan at Robert.Mcmillan@wsj.com and Dustin Volz at dustin.volz@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
================
Source link
