Ukraine Defense Ministry and banks hit by cyberattack amid confusing signs about Russia’s intentions

February 16, 2022, 11:39 AM UTC
Updated February 24, 2022, 6:39 PM UTC

A cyberattack knocked the websites of the Ukrainian Defense Ministry and military as well as some Ukrainian banks offline on Tuesday evening, the Ukrainian government said. It was not immediately clear who was behind the attacks, which come amid continued diplomatic efforts to avert a potential Russian invasion.

The attacks hit two large Ukrainian banks, PrivatBank and Oschadbank, as well as the public-facing websites of the Defense Ministry and Ukrainian armed forces, the Ukrainian government said. The attacks, known as denial of service attacks, are designed to disable websites by flooding them with overwhelming volumes of web traffic.

The attacks were reason for alarm, especially given U.S. warnings that Russia might launch an invasion of Ukraine at any moment and that such an attack might be preceded by a devastating cyberattack designed to cripple the country’s communications networks and other critical infrastructure. Last week, the U.S. government had said that it believed Russian President Vladimir Putin had decided to invade Ukraine and said its intelligence had pointed to today as the planned day for an attack.

Cybersecurity experts said that the denial of service attacks appeared to be relatively unsophisticated and easy to mitigate, raising questions about who was behind the attacks and what their intentions might be. “Attackers know this will make the news and spark global controversy without delivering enough damage to spark an aggressive response from the victim,” said Justin Fier, director of cyber intelligence and analysis at U.K.-based cybersecurity firm Darktrace.

Fier said it was too early to attribute the attack and warned against the potential dangers of misattributing the attacks, especially given the extreme geopolitical tensions surrounding Russia and Ukraine. But he also said that Darktrace had often seen sophisticated hacking teams stage these kinds of denial of service attacks as a diversionary tactic, designed to distract the defender’s information security teams while the hackers lay the groundwork for more stealthy and potentially damaging attacks elsewhere in the network.

Similar denial of service attacks hit a number of key Ukrainian government websites last month.

The Ukrainian government said that Tuesday’s denial of service attack was “coordinated.” “We are facing completely unprecedented attacks,” Ukraine’s Digital Transformation Ministry tweeted. “The purpose of this attack was to sow panic and destabilize the situation.”

Confusing signs of Russia’s intentions

The news of the cyberattacks came during a day of confusing signals about Russian intentions. Russian President Vladimir Putin has massed as many as 150,000 troops on Ukraine’s borders and deployed a large fleet in the Black Sea, off the coast of Crimea. Putin said on Tuesday that Russia would “partially pull back” troops from positions near Ukraine’s borders and that it would seek a “diplomatic path.” U.S. President Joe Biden said he, too, was seeking a “diplomatic resolution,” but that the U.S. had not been able to verify any Russian troop withdrawals and that “an invasion remains distinctly possible.”

On Wednesday, the Russian Defense Ministry and Russian news agencies reported on a number of Russian units returning to barracks and being loaded back on to transport trains. British defense officials told reporters they had seen no signs of a Russian withdrawal but rather continued signs that might be consistent with a plan to invade, including some units continuing to move into forward staging areas and continued construction of field hospitals.

‘False flag’ operations?

Also on Wednesday, Russian news agency TASS reported that Ukrainian forces had begun shelling Donetsk, a region of eastern Ukraine that Russian-aligned separatists backed by Russian military units seized in 2014. It reported as well that security forces had found and defused an improvised explosive device planted in a park in Lugansk, another eastern Ukrainian region seized by Russian-speaking separatists in 2014. Neither report could be independently confirmed.

U.S. intelligence agencies have warned for several weeks that Russia has been considering “false flag” operations, in which it carries out an attack that can be falsely attributed to the Ukrainian side, as a pretext for a Russian invasion.

On Tuesday, the Russian legislature, the Duma, voted to ask Putin to officially recognize the two breakaway regions of eastern Ukraine, Donetsk and Lugansk, as independent states. Such recognition might make it easier for Russia to justify any invasion of Ukraine, perhaps by saying that its forces were invited in by the governments of these new states to help defend them.

Never miss a story: Follow your favorite topics and authors to get a personalized email with the journalism that matters most to you.