A train in Moscow's Belorussky station in November 2024. Image: Artyom Svetlov / Wikimedia Commons / CC BY 4.0

Moscow subway app and website disrupted in possible retaliation for Ukraine railway hack

The Moscow subway system’s website and mobile application experienced disruptions on Monday, possibly due to a cyberattack, according to local reports.

During the outage, the subway’s website displayed a message purportedly from Ukraine’s national railway operator, Ukrzaliznytsia, which was recently hit by a large-scale cyberattack. The message resembled what Ukrainian users saw immediately after the attack on Ukrzaliznytsia.

As of Monday evening in Moscow, the message has been removed, but the website remains down. The city’s transport department blamed the disruptions on ongoing technical maintenance. 

Authorities have not officially confirmed a cyberattack. Russia’s internet regulator, Roskomnadzor, confirmed the disruptions.

Earlier on Monday, passengers reported being unable to top up their subway cards remotely. Some also experienced issues recharging their cards at bus validators and ticket vending machines.

Local transport authorities said their specialists were working to resolve the technical issues and that passengers could still replenish their cards at ticket offices and terminals throughout metro stations.

According to Russian users on the outage monitoring service Downdetector, the subway’s app was also still unavailable as of Monday evening. Some users also reported being unable to use digital travel passes.

Last week, unknown hackers disrupted the online services of Ukraine’s state railway operator, Ukrzaliznytsia, including its mobile app and website. Following the attack, the company doubled the number of ticket windows and staff at several stations across Ukraine to accommodate passengers.

Ukrzaliznytsia resumed online ticket sales later last week and restored access to its app and website. During a press conference on Monday, the company stated that no data was leaked during the cyberattack, as the system does not store passengers’ personal data or information about military cargo.

Ukrainian and Russian hackers frequently target transport infrastructure in cyberattacks. Last March, Ukraine’s IT Army claimed responsibility for disrupting fare payment systems in Moscow and Kazan, preventing transit card holders in both cities from paying for tickets, topping up their cards, or paying for parking.

The IT Army’s alleged attack on the operator of Krasnodar’s transport communication network in January temporarily made gated paid parking lots free.

Earlier this March, the group said it had disrupted a transit payment app in St. Petersburg, temporarily knocking the service offline. The company confirmed the attack to local media but did not attribute it to a specific group.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.