According to Ukrainian officials, a massive cyberattack on a Ukrainian internet service provider used by the country’s military occurred on Monday, fueling fears that Russia intends to use more dangerous digital weapons as the war enters its second month.
Some experts have called the cyberattack on Ukrtelecom PJSC one of the most dangerous since Russia invaded Ukraine on February 24. According to a statement from Ukraine’s State Service of Special Communication and Information Protection, which is responsible for cybersecurity in the country, Ukrainian officials said they had repelled the attack and that the company could restore services around 3:30 p.m. ET on Monday.
In its statement, the Ukrainian cyber agency did not say who was behind the cyberattack. Russian-linked hackers, according to security experts, have launched a series of cyberattacks against financial services companies, internet service providers, and government agencies since February, both before and after the February 24 invasion.
Russian officials have denied any involvement in cyber-attacks.
Ukrtelecom claims to be Ukraine’s largest landline telephone service provider. According to Doug Madory, director of Internet analysis at network-monitoring firm Kentik Inc., it is the country’s seventh-largest internet service provider.
According to data from the Georgia Institute of Technology’s Internet Outage Detection and Analysis project, which tracks internet blackouts, Ukrtelecom’s ability to connect to the internet to provide services to customers began to dwindle around 5 a.m. ET on Monday and gradually faded throughout the day. According to Mr. Madory, the company was almost completely offline within five hours.
According to the SSSCIP, the company began limiting service to the majority of its business and consumer customers after the attack began to preserve capacity for its military customers.
About 8% of the Ukrtelecom networks that the Georgia Tech internet outage project monitors were online as of 4:30 p.m. ET.
Ukrtelecom did not respond to requests for comment, but in a post on its Facebook page on Monday, the company acknowledged service outages and said it was working to restore stable service as soon as possible. Multiple groups that monitor internet traffic confirmed the outage. Network data showed “an ongoing and intensifying nation-scale disruption to service, which is the most severe registered since the Russian invasion,” according to Netblocks, an internet observatory that has tracked previous outages in Ukraine.
Last week, Ukraine’s Computer Emergency Response Team (CERT) revealed statistics showing the country had been subjected to 60 different cyberattacks. It said 11 had targeted government and local authorities, with 8 hitting military and law enforcement. Just 4 had hit telecoms and other tech companies. The majority of those cyberattacks focused on information gathering, though a series of “wiper” attacks aimed at destroying data on targeted computers have been launched across Ukrainian entities.
Because Russia is widely regarded as having some of the most capable state-sponsored hacking groups in the world, and Moscow has previously been blamed for launching cyberattacks that disrupted Ukraine’s government, electricity grid, and financial services, cybersecurity experts and US officials have been surprised by the lack of major disruptive or destructive cyberattacks during the Ukraine conflict.
The majority of malicious cyber activity has been limited to website service disruptions and the limited deployment of so-called wiper malware, which can delete computer files. Nonetheless, US officials have grown increasingly concerned that Moscow may retaliate in Ukraine or against the West as a result of its military struggles and harsh sanctions imposed by the US and Europe.
President Biden said last week that there was “evolving intelligence” that Russia was considering cyberattacks against the United States.
