Ukraine POW
Image: Andriy Yermak, head of the Ukraine Presidential Office, at the Coordination Headquarters for the Treatment of Prisoners of War in December 2022. Credit: Ukraine President's Office

Ukraine’s prisoners of war agency hit by cyberattack

The Ukrainian state agency overseeing the treatment of prisoners of war said on Monday that it had restored access to its website after being hit by a distributed denial-of-service (DDoS) attack over the weekend.

The country’s Coordination Headquarters for the Treatment of Prisoners of War works with families of military personnel who were captured or missing and negotiates prisoner exchanges and the return of bodies of fallen soldiers.

The hacker group behind the incident hasn't been identified, but the agency is pointing to Moscow, connecting the attack to the recent crash of a Russian transport plane.

“Apparently, the enemy decided that information about the prisoners of war exchange and the downing of an Il-76 aircraft poses a threat to them,” the agency said on Telegram.

Moscow has accused Kyiv of downing the Il-76 plane, which the Kremlin says was carrying 65 Ukrainian prisoners of war who were to be swapped, along with six crew members and three Russian servicemen. The plane crash in Belgorod — a Russian city next to the border with Ukraine — and killed everyone on board.

Ukraine has neither confirmed nor denied its responsibility for the incident and called for an international commission to investigate the crash, which Russia opposes.

Ukraine's POW coordination headquarters refused to comment on the alleged downing until the investigation is completed.

“We are aware that the enemy is actively carrying out information operations directed against Ukraine, which are aimed at destabilizing Ukrainian society,” the agency said.

Cyberattacks targeting defense agencies and military personnel are part of ongoing cyber warfare between Ukraine and Russia.

Ukraine’s National Cybersecurity Coordination Center (NCSCC) warned on Friday about attacks targeting the Ukrainian military with phishing emails. That campaign was attributed to the state-sponsored hacker group Fancy Bear, also known as APT28, which is affiliated with Russian military intelligence.

“Amidst the lack of success on the battlefield, Russia is stepping up its cyber-espionage efforts and continuing to try to gain access to Ukraine's military situational awareness and command and control systems by stealing military personnel's credentials,” NCSCC said.

In September, Russian hackers attacked Ukrainian law enforcement agencies to uncover what they know about war crimes committed by Russian soldiers in Ukraine.

In August, the Moscow-backed hacking group Gamaredon targeted Ukraine’s military and government agencies during the country's long-anticipated counteroffensive.

In nearly all previous attacks, Russian hackers attempted to synchronize their activities with crucial military events to enhance the potential impact.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.