Internet Provider to Ukrainian Military Hit With Major Cyberattack

A Ukrainian internet service provider used by the country’s military suffered a massive cyberattack on Monday, Ukrainian officials said, fueling fears that Russia intends to wield more dangerous digital weapons as the war drags into its second month.

The attack on Ukrtelecom PJSC was described by some experts as among the most harmful cyberattacks since the Russian invasion of Ukraine on Feb. 24. About 3:30 p.m. ET on Monday, Ukrainian officials said that they had repelled the attack, and that the company could restore services, according to a statement from Ukraine’s State Service of Special Communication and Information Protection, which is responsible for cybersecurity in the country.

The Ukrainian cyber agency’s statement didn’t say who was responsible for the cyberattack. Security experts have said Russian-linked hackers have launched a variety of cyberattacks against financial services companies, internet service providers and government agencies since this February, in the run-up to the Feb. 24 invasion and after.

Russia has denied involvement in cyberattacks.

Ukrtelecom says it is the largest provider of landline telephone service in Ukraine. It is the seventh-largest internet service provider in the country, said

Doug Madory,

director of Internet analysis with network-monitoring firm Kentik Inc.

Ukrtelecom’s ability to connect to the internet to provide services to customers began dropping about 5 a.m. ET and gradually fell off throughout the day Monday, according to data from the Georgia Institute of Technology’s Internet Outage Detection and Analysis project, which monitors internet blackouts. Within five hours, the company was almost completely offline, Mr. Madory said.

Ukrainian residents survey the aftermath as Russian missiles continue to strike Kyiv, Kharkiv and other cities across the country. Another round of cease-fire talks is scheduled to begin on Tuesday in Turkey. Photo: Anastasia Vlasova/Getty Images

After the attack began, the company began limiting service to the majority of its business and consumer customers to preserve capacity for its military customers, the SSSCIP said.

As of 4:30 p.m. ET, about 8% of the Ukrtelecom networks that the Georgia Tech internet outage project measures were online.

Ukrtelecom didn’t return messages seeking comment, but the company acknowledged service outages in a post Monday to its

Facebook

page, and said it was working to restore stable service as soon as possible.

The disruption was confirmed by multiple groups that monitor internet traffic. Netblocks, an internet observatory that has tracked previous outages in Ukraine, said on Twitter that network data showed “an ongoing and intensifying nation-scale disruption to service, which is the most severe registered since the invasion by Russia.”

Cybersecurity experts and U.S. officials have been surprised by the lack of major disruptive or destructive cyberattacks during the Ukraine conflict, as Russia is widely viewed to have some of the most capable state-sponsored hacking groups in the world, and Moscow has previously been blamed for launching cyberattacks that disrupted Ukraine’s government, electricity grid and financial services.

The malicious cyber activity has largely been confined to service disruptions of websites and the limited deployment of so-called wiper malware, which can destroy computer files. Still, U.S. officials have grown increasingly concerned that Moscow could lash out either in Ukraine or against the West in response to its struggles on the battlefield and punishing sanctions enacted by the U.S. and Europe.

Last week, President Biden said there was evolving intelligence that suggested Russia was exploring options to target the U.S. with cyberattacks.

Write to Robert McMillan at Robert.Mcmillan@wsj.com and Dustin Volz at dustin.volz@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Appeared in the March 29, 2022, print edition as ‘Ukraine Military’s Internet Provider Attacked.’

================

Source link

Leave a Reply