In a recent development, Ukrainian officials have revealed that suspected Russian hackers have orchestrated a significant cyberattack on Ukraine’s state services. The attack specifically targeted Ukrainian state registers, which house a plethora of official records, ranging from citizens’ biometric data to property ownership records.
Following the cyberattack, access to the state registers was temporarily suspended by the Ministry of Justice for security reasons. The ministry cited a network infrastructure failure as the root cause of the disruption affecting approximately 60 state databases under its purview. Authorities in Ukraine have initiated an investigation into the cyber incident, with Deputy Prime Minister Olga Stefanishyna indicating that it may take up to two weeks to restore access to critical registers storing personal data and essential information.
Stefanishyna has unequivocally pointed the finger at Russian perpetrators, alleging that the attack was a deliberate act to destabilize Ukraine’s critical infrastructure. She further cautioned about potential disinformation campaigns aimed at sowing panic among Ukrainian citizens and the international community. The Ukrainian State Security Service (SBU) suspects Russian hackers associated with the military intelligence service (GRU) were behind the assault, citing the notorious Sandworm group as a likely culprit due to its history of cyberattacks targeting Ukraine.
Notably, a pro-Russian group named XakNet has claimed responsibility for the attack, asserting that they breached the Ministry of Justice’s infrastructure through a contractor managing the state registers. The hackers purportedly accessed and exfiltrated a vast amount of data from the registers before deleting primary and backup databases stored in servers located in Poland. The assertion by XakNet aligns with Russia’s strategy of employing hacktivist groups to obfuscate state-sponsored cyber operations and complicate attribution.
The repercussions of the cyberattack on Ukraine’s state registers are far-reaching, with potential delays in personal and business processes and heightened security vulnerabilities. The disruption could impede the functions of notaries, property transactions, and other essential services reliant on the state registers. While the investigation into potential data leaks is ongoing, officials have reiterated that data from the registers remains secure and will be restored promptly through existing backups.
The fallout from the attack has also led to disruptions in various Ukrainian digital services, including the military app Reserve+ and the e-government app Diia, affecting millions of users with suspended or restricted functionalities. The Ministry of Defense confirmed the disruption of military registration services, while the digital ministry highlighted the dependence of several services on state registers, leading to their unavailability during the restoration process.
In response to the cyber incident, Ukraine is contemplating legal action against the attackers, considering prosecuting the attack on state registers as a war crime. The prospect of pursuing justice at the International Criminal Court in The Hague mirrors previous efforts by Ukrainian authorities to hold Russian hackers accountable for cyberattacks. The State Service for Special Communications and Information Protection has emphasized the significance of cybersecurity in the modern battlefield, underscoring the need for vigilance and resilience against cyber threats.
As the investigation unfolds and efforts to restore normalcy continue, Ukrainian officials remain steadfast in addressing the aftermath of the cyberattack, underscoring the importance of safeguarding critical infrastructure and combating cyber threats in an increasingly volatile digital landscape.