DDoS attacks hit Ukrainian government websites

Kyiv, Ukraine—A powerful Distributed Denial of Service (DDoS) attack hit Ukraine Tuesday, targetting the websites of the country's armed forces, defense ministry, public radio and two biggest national banks—Privatbank and Oschadbank—and knocking some services offline. The attack, which worked by flooding the sites with an overwhelming amount of web traffic, left many Ukrainians unable to use vital services and sowed confusion as Russian forces gather along the border.

Privatbank and Oschadbank were down for two hours, starting around 3 pm local time–leaving mobile apps and online payments inaccessible. The attack didn’t affect the website of Ukraine’s central bank.

About five hours later, banks said their websites are back and “operate normally.” Privatebank, which serves over 20 million Ukrainians, said that “there is a possibility of another attack.” 

The websites of Ukraine’s defense ministry and armed forces are still inaccessible. Ukraine’s public radio also suffered an attack, but it didn’t bring its website down, said its general producer Dmitry Khorkin in a Facebook post.

This is one of the most powerful DDoS attacks on state websites, said Ukraine’s online media outlet Ukrainska Pravda, citing its own sources in the government.

⚠️ Update: #Ukraine has been targeted by a series of DDOS attacks on banking and military services, bringing down PrivatBank and Oschadbank and sending defence sector platforms offline. The incident comes amid heightened tensions with #Russia.

Report: https://t.co/wDrXAUbTdL pic.twitter.com/PM3jG2PToM

— NetBlocks (@netblocks) February 15, 2022

Earlier in the day, some users of Privatbank received a message alerting them that the bank’s ATM machines were not working. Privatbank didn’t send those SMS messages, its spokesman Oleg Serga said in a comment to Ukrainian public broadcaster Suspilne.

According to the Ukrainian cyber police, the messages did not contain phishing links—instead, “it was an information attack" apparently aimed at sowing confusion.  

“It is possible that attackers resorted to this petty mischief because their bigger plans are not working,” said the Ukrainian Center for Strategic Communication in a Facebook post.

The attack came amid growing concerns about a possible Russian military invasion of Ukraine. Tensions are mounting along the borders—where Russia has deployed around 140,000 troops—as well as online.

In January, attackers hacked into 70 government websites, leaving a threatening message on their home pages: “Wait for the worst.” Microsoft also said it observed destructive malware attacks disguised as ransomware—a type of attack where cybercriminals encrypt data and demand a payment from victims to unlock their systems—being deployed in Ukraine as part of this wave of digital assaults

Oschadbank was previously hit by a powerful cyberattack in 2017, when NotPetya affected 12,500 computers used by Ukrainian telecom companies, banks, postal services, retailers, and government bodies. NotPetya was a wiper tool similarly disguised as ransomware that the U.S. government and others have attributed to Russian-state sponsored actors.  

As of today, Ukraine is among the countries with the highest number of malware encounters in Europe, according to the Global threat activity index by Microsoft Ukraine. In the last 30 days, Microsoft detected over 1.7 million infected devices in Ukraine, compared to 1.5 in Germany, 1.2 in France, and 990,000 in the U.K.

People in Ukraine are also facing an uncertain future in the physical world: Some are packing bags with essentials, others plan to relocate to Western Ukraine, even though there are no visible signs of unrest inside the country.

U.S. National Security Adviser Jake Sullivan said last week that the invasion could come “any day” and would likely start with “aerial bombing and missile attacks.”

As a result, some airlines, including Dutch KLM and Ukrainian SkyUp have begun to divert or cancel their flights to Ukraine. Some international insurance companies also said that they would stop insuring aircraft traveling through Ukrainian airspace.