Ukrainian institutions hit by 6,500 hack attacks, sees Russian ‘cyberwar’

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-security conference

By Natalia Zinets

KIEV (Reuters) – Hackers have targeted Ukrainian state institutions about 6,500 times in the past two months, including incidents that showed Russian security services were waging a cyberwar against the country, President Petro Poroshenko said on Thursday.

In December, Ukraine suffered attacks on its finance and defense ministries and the State Treasury that allocates cash to government institutions. A suspected hack also wiped out part of Kiev’s power grid, causing a blackout in part of the capital.

“Acts of terrorism and sabotage on critical infrastructure facilities remain possible today,” Poroshenko said during a meeting of the National Security and Defence Council, according to a statement released by Poroshenko’s office.

The statement said the president stressed that “the investigation of a number of incidents indicated the complicity directly or indirectly of Russian security services waging a cyberwar against our country”.

Relations between Kiev and Moscow collapsed in 2014 following Russia’s annexation of Crimea and support for pro-Russian separatists in eastern Ukraine, where fighting continues despite a ceasefire agreement.

Among the 6,500 attacks Poroshenko said the country had been hit by, the attack on the State Treasury halted its systems for several days, meaning state workers and pensioners had been unable to receive their salaries or payments on time.

Cyber security firm CrowdStrike said last week a hacking group linked to the Russian government likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016.

Its findings are the latest to support a growing view among Western security officials and cyber security researchers that Russian President Vladimir Putin has increasingly relied on hacking to exert influence and attack geopolitical foes.

Russia has repeatedly denied hacking accusations.

Poroshenko’s comments come as the Obama administration plans to announce retaliatory measures against Russia for hacking into U.S. political institutions and individuals and leaking information in an effort to help Donald Trump win the presidency. Trump has dismissed the assessments of the U.S. intelligence community.

In December 2015, Ukrainian regional power company Prykarpattyaoblenergo reported an outage, saying the area affected included the regional capital Ivano-Frankivsk. Ukraine’s state security service blamed Russia.

Experts widely described that incident as the first known power outage caused by a cyber attack. The U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as “Sandworm”.

As a result of the cyber attacks, Ukraine’s security council agreed measures to protect state institutions, the statement said. It did not disclose what the measures were.

(Writing by Matthias Williams; Editing by Alison Williams)

Ukraine investigates suspected cyber attack on Kiev power grid

Man poses in front of on a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica

By Pavel Polityuk

KIEV (Reuters) – Ukraine is investigating a suspected cyber attack on Kiev’s power grid at the weekend, the latest in a series of strikes on its energy and financial infrastructure, the head of the state-run power distributor said on Tuesday.

Vsevolod Kovalchuk, acting chief director of Ukrenergo, told Reuters that a power distribution station near Kiev unexpectedly switched off early on Sunday, leaving the northern part of the capital without electricity.

A Ukrainian security chief said last week that Ukraine needed to beef up its cyber defenses, citing a spate of attacks on government websites that he said originated in Russia.

Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital’s energy consumption at night.

“That is a lot. This kind of blackout is very, very rare,” Kovalchuk told Reuters by phone.

He said there were only two possible explanations for the accident: either a hardware failure or external interference.

The company’s IT specialists had found transmission data that had not been included in standard protocols, suggesting that external interference was the likeliest scenario.

SOMETHING NEW

Over the past month, Ukraine’s finance and defense ministries and the state treasury have said their websites had been temporarily downed by attacks aimed at disrupting their operations.

Kovalchuk said Ukraine’s state security service had joined the investigation. “There are no final conclusions yet about what it was, but experts say that this was something new and they have not encountered this before,” Kovalchuk said.

Last December, another Ukrainian regional power company Prykarpattyaoblenergo reported an outage, saying the area affected included the regional capital Ivano-Frankivsk. Ukraine’s state security service blamed Russia.

Experts widely described that incident as the first known power outage caused by a cyber attack. The U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as “Sandworm.”

“The purpose of this Ukraine attack: Two options. Either it’s a show of power. Prove to the people of Ukraine that your government cannot protect you,” Mikko Hypponen, Chief Research Officer at F-Secure, told Reuters.

The other option is that there was something else happening at the same time and they needed this to be their cover or somehow to assist another operation to succeed as a result of the power outage, he added.

He said that during this year the cyber capabilities of the Russian government have done nothing but increase and we are seeing the beginnings of a new arms race, in both military and cyber activities.

“We are tracking several different, separate attack campaigns which we link back to different Russian intelligence agencies, and the targets are typically not just for sabotage, but for espionage,” he said.

“The vast majority of government attacks that we attributed to the Russian government are not about sabotage or disruption but about collecting intelligence and spying on foreign computer networks, and that has been increasing.”

(additional reporting by Oleg Vukmanovic in Milan, Editing by Matthias Williams and Ralph Boulton)