A massive cyberattack on dozens of Ukrainian government websites could have been a cover for more destructive hacking that took place in parallel. Cybersecurity experts and hacktivists assume that the attack was more serious than previously thought and that it may have destroyed some government data, dev.ua reports.
Serhii Demediuk, Deputy Secretary of the National Security and Defense Council, suggested in an interview with Reuters that the cyber-espionage group UNC1151, "affiliated with the special services of the Republic of Belarus," was responsible for the attack.
"The damage to the sites was just a cover for more destructive actions that took place behind the scenes and the consequences of which we will feel in the near future," Demediuk stated.
He added that the group had experience in attacks on Lithuania, Latvia, Poland, and Ukraine. According to him, it had previously spread narratives condemning NATO's presence in Europe.
The Ministry of Digital Transformation reported that it could "with a high probability assert that a so-called supply chain attack has occurred — an attack." The attackers hacked the infrastructure of a commercial company that had administrative access to the web resources affected by the attack. The Ministry did not disclose which company it means.
Kitsoft, which developed the government websites, noted that the attack was complex and comprehensive, and that its purpose was to destabilize the situation in the country and heighten tension. The company's website is still down.
"At the moment, our specialists have recorded that not only sites developed by Kitsoft were affected, but others as well: https://check.gov.ua/, https://court.gov.ua/, https://www.dsns.gov.ua/, https://e-driver.hsc.gov.ua/, https://e-journal.iea.gov.ua/, http://gov.ua/, https://mail.gov.ua/, https://www.minregion.gov.ua/," the company's report states.
Microsoft, which conducted its own investigation into the incident, concluded that "malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom."
What consequences are already being felt?
On January 14, the Motor Transport Insurance Bureau of Ukraine (MTIBU) reported difficulties with the online issuance of electronic policies. For now, Ukrainians cannot buy automobile liability insurance and a Green Card electronically or check their validity.
"We've found out that a number of MTIBU’s external information resources were lost as a result of a cyber attack. The register containing the personal data of millions of Ukrainian car owners is not damaged. In the near future, it will have to resume its work, for which MTIBU’s specialists are deploying a new 'clean' information infrastructure," the State Service of Special Communication and Information Protection states.
Context. On the night of January 13-14, hackers attacked about 70 government websites and the portal Diia.
The Ministry of Digital Transformation suspects Russia of the attack.
"According to the Center for Strategic Communications and Information Security, all evidence now points to Russia being behind the cyber attack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspace," the Ministry’s report states.