A high-volume cyberattack that temporarily blocked access to the websites of Ukrainian defense agencies and banks on Tuesday was “the largest [such attack] in the history of Ukraine,” but it’s too early to tell who was responsible, Ukrainian Minister of Digital Transformation Mykhailo Fedorov said at a news conference Wednesday.
The so-called distributed denial of service (DDoS) attack — which throttled Ukrainian websites with phony traffic — was coordinated and well-planned, officials said. DDoS attacks often disrupt access to IT systems, but their impact can be more psychological than having any direct effect on a country’s critical infrastructure.
While down for parts of Tuesday, the websites of Ukraine’s Ministry of Defense and Armed Forces, and those of two prominent banks, were back up Wednesday, according to CNN journalists in Ukraine. The DDoS attack, however, is still ongoing, Ukrainian officials said.
The incident comes as Russia has massed an estimated 150,000 troops close to Ukraine’s border, according to US President Biden, and as US officials warn that a fresh Russian invasion could come at any time. Russia has denied it is planning to invade Ukraine.
The US government is investigating the cyberattack on Ukrainian websites, a top State Department official said Wednesday, while suggesting that Russia has a history of carrying out such hacks.
“But who is best at this, who uses this weapon all around the world? Obviously, the Kremlin,” Under Secretary for Political Affairs Victoria Nuland said on “CBS Mornings.”
“While we’re still investigating and doing forensics along with the Ukrainians, I think what’s most important is that these cyberattacks were not very successful,” Nuland said.
She credited Ukrainian officials for responding quickly and helping the websites recover.
Internet traffic hitting Ukrainian websites during the DDoS attack was “three orders of magnitude more than regularly observed traffic,” according to data collected by cybersecurity firm CrowdStrike.
Ninety-nine percent of the traffic involved a type of digital request to computer servers, “indicating the attackers were attempting to overwhelm Ukrainian servers,” said Adam Meyers, cybersecurity technology company CrowdStrike’s senior vice president of intelligence.
A Ukrainian intelligence report recently obtained by CNN pointed to Russia’s effort to destabilize “Ukraine’s internal situation by using economic, energy, information, cyber, social, ethnic, and other tools.”
Ukraine has assessed that Russia and Belarus were responsible for a separate cyberattack that hit government websites last month. “As a result of a massive hacker attack on the night of January 14, 2022, the web pages of the Government of Ukraine” were shut down. The attacks were carried out by a group affiliated with the Russian and Belarusian special services,” the Ukrainian intelligence report said.
Similarities in the infrastructure used in Tuesday’s DDoS attack and the one last month suggest the incidents could be connected, Ukrainian officials said Wednesday.
CNN’s Jennifer Hansler and Kylie Atwood contributed reporting to this post.
NATO chief: “What we see today is that Russia maintains a massive invasion force ready to attack”