Hacking Incident Leaves Ukraine’s State Registers Offline
A large-scale cyberattack, believed to have been orchestrated by Russian hackers, has paralyzed Ukraine’s state registers, causing a major disruption in citizens’ access to crucial services tied to their digital records. The Ministry of Justice, responsible for managing approximately 60 state databases, reported that the cyberattack has severely interrupted the electronic registration of vital events such as births, marriages, and deaths. As a result, these records are currently being processed manually on paper until access to the state registers is restored, at which point the data will be transferred back into the electronic system.
Despite the setbacks caused by the cyberattack, the Ministry disclosed that over 1,400 Ukrainian couples managed to register their marriages in the past week. However, all real estate transactions in Ukraine, including purchase-sale agreements, leases, gift transfers, and mortgage contracts, have been put on hold as they rely on data from state registers containing personal information of citizens, legal entities, and property rights.
Ukrainian Deputy Prime Minister for European and Euro-Atlantic Integration, Olga Stefanishyna, has estimated that it will take around two weeks to fully restore access to these crucial registers. In response to the incident, the Ukrainian government has extended current military draft deferments for one month without requiring digital renewal, acknowledging the impact of the hack on services reliant on state register data.
Other critical operations impacted by the cyberattack include trading on Ukraine’s stock exchange, the appointment of civil servants and judges, as well as the progress of specific court cases dependent on information from the registers. The exact economic cost of the cyberattack and its subsequent disruption of essential services remains uncertain.
The Ministry of Justice has already initiated the recovery process and assured the public that all information will be restored, as backups are in place. However, the hacker group XakNet, claiming responsibility for the attack, stated they had deleted both primary databases and backup copies stored on servers in Poland. Local state officials have been tight-lipped about the incident, citing the sensitivity of the issue.
Oleksandr Fedienko, head of the cybersecurity subcommittee in Ukraine’s parliament, suggested that the hackers may have gained access to the system through phishing emails or by incentivizing an employee with access to the registers. The Ukrainian cyber agencies leading the investigation have refrained from disclosing the initial access vector utilized by the attackers.
In a concerning development, Ukraine’s state security service (SBU) suspects Russian hackers associated with the country’s military intelligence service (GRU) are behind the cyberattack on the state registers. Sandworm, a group with alleged ties to the GRU and known for conducting major cyberattacks on Ukraine, including the 2023 hack of Kyivstar, Ukraine’s largest telecom operator, is among the threat actors under scrutiny.
Fedienko emphasized that the attack on the state registers was meticulously planned and required significant organizational efforts to execute. Acting head of the SBU’s cybersecurity department, Volodymyr Karastelov, further posited that the hackers likely spent several months preparing for the assault on the registers, underscoring the sophisticated nature of the cyber incident.