ua en ru
Tue, January 21 War in Ukraine Life World Politics Business Opinion People
Trump inauguration California wildfire Syria Middle East conflict President Zelenskyy
Categories News Articles Interview
  War in Ukraine Life World Politics Business Opinion People
Actual Trump inauguration California wildfire Syria Middle East conflict President Zelenskyy

Ukraine suffers largest cyberattack since 2022: Russian hackers disrupt key services

Fri, December 20, 2024 - 16:40
UA EN RU
Ukraine suffers largest cyberattack since 2022: Russian hackers disrupt key services Photo: Olha Stefanishyna, Deputy Prime Minister for European and Euro-Atlantic Integration (Vitalii Nosach/RBC-Ukraine)
Author: Danylo Kramarenko, Daria Dmytriieva

Ukraine was hit by one of the largest cyberattacks in recent times. Russian Hackers are behind Ii, affecting several services, including the Diia app, with suspected data breaches.

RBC-Ukraine reports what is known about the cyberattack and when the consequences might be mitigated.

Contents

  • Cyberattack on December 19: What happened

  • Affected services: Diia and others

  • When will registries be restored

  • Was there a data breach

  • Who's behind massive cyberattack on Ukraine

Cyberattack on December 19: What happened

Network infrastructure problems began yesterday morning. As a result, registries under the jurisdiction of the Ministry of Justice of Ukraine became inaccessible, as did the call center, websites of the Ministry of Justice, and the State Enterprise "National Information Systems" (which maintains the registries).

Amid these issues, there were widespread complaints about problems with the "Reserve+" application. The mobile app was slow to load, and users couldn’t log in or use its services. The Ministry of Defense referred to the issue as a technical failure.

Later, the unified public services portal Diia announced the suspension of registries, resulting in the unavailability of services related to the Unified State Register of Legal Entities, Individual Entrepreneurs, and Public Organizations; civil status acts registries; and registries of property rights and encumbrances of movable property.

The reason cited was updates to the Ministry of Justice registries and technical work by NAIS. At the time, NAIS indicated that state registries would remain unavailable at least until the end of the day.

Late in the evening, Deputy Prime Minister for European and Euro-Atlantic Integration and Minister of Justice Olga Stefanishyna stated that this was the most extensive cyberattack in recent times.

“It is now clear that the attack was carried out by Russians to disrupt the functioning of the state’s critical infrastructure,” she noted.

According to her, there were no threats to other resources (outside the Ministry of Justice). Initial restoration efforts are expected to take approximately two weeks, with a comprehensive analysis of the attack to follow once full functionality is restored.

Earlier, the Russian hacker group XakNet Team posted on Telegram, claiming to have breached the "National Information Systems" (NAIS) and downloaded all the databases of the Unified State Register of Legal Entities and Individual Entrepreneurs. The hackers also claimed to have breached infrastructure containing data from Ukraine’s Ministry of Justice and allegedly downloaded databases containing a billion rows of data. They further claimed to have deleted all information, not only there but also on overseas servers containing backup copies.

Affected services: Diia and others

As of midday on December 20, the NAIS website, the Ministry of Justice website, the Unified and state registries (around 60 different registries) remain offline.

"Diia was immediately disconnected from the registries after the cyberattack was detected. It was not affected, and the issue was quickly localized,” Prime Minister Denys Shmyhal said during the government’s question hour in the Verkhovna Rada.

Over 20 services in the Diia app are temporarily unavailable, including worker reservations, business registration, online marriage registrations, property ownership services, vehicle re-registration, "eRestoration," "eHousing," and many others. A full list is available via a link.

Some services are partially operational. MIA service centers have suspended ownership transfer services for vehicles but continue offering initial registration, LPG equipment installation, license plate orders, exams, and driver’s license replacement.

Russian propaganda is spreading disinformation that the cyberattack allegedly blocked access to Territorial Recruitment and Social Support Centers' databases. The Center for Countering Disinformation at the National Security and Defense Council claims that access to the "Oberig" database has not been lost, and the "Reserve+" app is operational.

Deputy Minister of Defense for Digitalization Kateryna Chernohorenko states that the uninterrupted operation of systems like "Oberig," "Army+," and "Reserve+" has been ensured.

“Services are functioning without interruptions. Electronic reports and documents remain accessible. However, there is a high volume of requests in the queue, so waiting for a document in 'Reserve+' may take longer than usual,” she noted.

The only temporary restriction is the suspension of deferment requests from mobilization in "Reserve+." Those obtained earlier remain valid and are correctly displayed in the app.

Despite the disruptions, all Civil Status Act Registration departments are operating normally. Registrations of births, deaths, marriages, and divorces are conducted as usual based on prior applications. However, certificates issued during the registry issues will need to be reissued for apostille purposes.

“All social benefits linked to civil status acts will be processed based on relevant applications and reviewed once the registries are restored,” Stefanishyna said.

According to her, all notarial actions not requiring registry access for data verification are being conducted on paper by state and private notaries. Actions such as registering and canceling wills, terminating inheritance contracts, and other services are performed without registry access.

When will registries be restored

Work is currently underway to restore the registries. “All data within the Ministry of Justice has been preserved and will be recovered. The registries will be restored, and all data will be restored. It’s a matter of time,” Stefanishyna said.

Today, she plans to present a government act that will disregard deadlines until the registries are fully restored. Real estate and business registrations will resume once the relevant registries are back online.

Starting Monday, December 23, the restoration of the unified notarial register, the register of special notarial document forms, and the inheritance register will begin. This will help minimize potential negative consequences.

“We aim to restore the full functionality of state registries within two weeks,” she added.

Was there a data breach

The personal data breach claimed by Russian hackers has not yet been confirmed.

“Just before the press conference, I received information from the head of the State Service for Special Communications and Information Protection. Data leakage has not been confirmed yet,” the Deputy Prime Minister said.

At the same time, the acting head of the Cybersecurity Department of the Security Service of Ukraine, Volodymyr Karastelyov, stated he could not entirely rule out a possible data breach.

“I cannot deny a data breach occurred; a relevant cyber investigation is underway. Once all necessary data is obtained, we will provide you with complete information,” he said.

Who's behind massive cyberattack on Ukraine

The Russian group XakNet Team identifies itself as "hacktivists," or so-called civic hackers. Previously, they claimed responsibility for attacks on the "Ukraine 24" channel and other cyber incidents.

The Security Service of Ukraine claims they are backed by Russian intelligence agencies. The attack was likely prepared over several months.

“The Security Service of Ukraine has opened a criminal case under several articles, including Article 438, Violation of Laws and Customs of War. The main version being investigated is that Russian intelligence agencies, particularly groups affiliated with the GRU, are behind this cyberattack,” Karastelyov said.

The previous largest attack on Ukrainian government websites occurred a week before Russia's full-scale invasion in February 2022. At that time, hackers "took down" government websites, ministry sites, and the Diia portal.

In a statement, the head of the State Special Communications Service, Oleksandr Potii, noted that the December 19 cyberattack once again highlighted that cyberspace is a full-fledged battlefield. Russian hackers are constantly improving their operations' tools, tactics, and strategies.

Sources: information from the Diia portal, the Facebook page of the National Information Systems state enterprise, statements by Deputy Minister of Defense for Digitalization Kateryna Chernohorenko, Vice Prime Minister for European and Euro-Atlantic Integration, Minister of Justice Olha Stefanishyna, and Acting Head of the Cybersecurity Department of the SSU Volodymyr Karastelov.

Follow RBC-Ukraine on WhatsApp Follow RBC-Ukraine on Twitter Follow RBC-Ukraine on Facebook
hackers Russia Ukraine War in Ukraine
NEWS
Ukrainian forces hit several key enemy targets, including two in Russia
Ukrainian forces hit several key enemy targets, including two in Russia
Russia's losses in Ukraine as of January 21: +1,600 troops and record amount of equipment
Russia's losses in Ukraine as of January 21: +1,600 troops and record amount of equipment