Kiev: The websites of Ukraine’s defense, foreign and interior ministries were unreachable or painfully slow to load Thursday morning after a punishing wave of distributed-denial-of-service attacks as Russia struck at its neighbor, explosions shaking the capital of Kyiv and other major cities.
In addition to DDoS attacks on Wednesday, cybersecurity researchers said unidentified attackers had infected hundreds of computers with destructive malware, some in neighboring Latvia and Lithuania.
Asked if the denial-of-service attacks were continuing Thursday morning, senior Ukrainian cyber defense official Victor Zhora did not answer. “Are you serious?” he texted. “There are ballistic missiles here.”
“This is terrible. We need the world to stop it. Immediately,” Zhora said of the offensive that Russian President Vladimir Putin announced in the pre-dawn hours.
Officials have long expected cyber attacks to precede and accompany any Russian military incursion. The combination of DDoS attacks, which bombard websites with junk traffic to render them unreachable, and malware infections hewed to Russia’s playbook of wedding cyber operations with real-world aggression.
ESET Research Labs said it detected a previously unseen piece of data-wiping malware Wednesday on hundreds of machines in the country. It was not clear how many networks were affected.
“With regards whether the malware was successful in its wiping capability, we assume that this indeed was the case and affected machines were wiped,” said ESET research chief Jean-Ian Boutin. He would not name the targets but said they were large organizations.
ESET was unable to say who was responsible. Symantec Threat Intelligence detected three organizations hit by the wiper malware — Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine, said Vikram Thakur, its technical director. Both countries are NATO members.
“The attackers have gone after these targets without much caring for where they may be physically located,” he said.
“All three had close affiliation with the government of Ukraine,” said Thakur, saying Symantec believed the attacks were highly targeted. He said roughly 50 computers at the financial outfit were impacted, some with data wiped.
Asked about the wiper attack on Wednesday, Zhora had no comment.
Boutin said the malware’s timestamp indicated it was created in late December. “Russia likely has been planning this for months, so it is hard to say how many organizations or agencies have been backdoored in preparation for these attacks,” said Chester Wisniewski, principal research scientist at the cybersecurity firm Sophos.
He guessed the Kremlin intended with the malware to send the message that they have compromised a significant amount of Ukrainian infrastructure and these are just little morsels to show how ubiquitous their penetration is.
