The Ukrainian Defense Ministry and several state-backed banks were hit with distributed denial-of-service (DDoS) incidents or disruptions on Tuesday. The Defense Ministry website is down, and it confirmed that it was attacked, telling the public that it will be communicating through Twitter and Facebook.
"The MOU website was probably attacked by DDoS. An excessive number of requests per second were recorded. Technical works on restoration of regular functioning are being carried out," the Defense Ministry said on Tuesday afternoon.
NetBlocks, an organization tracking internet outages around the world, confirmed the loss of service to multiple banking and online platforms in Ukraine "in a manner consistent with a denial of service attack."
"Metrics indicate impact beginning from early Tuesday intensifying in severity over the course of the day. Work is ongoing to assess the incident, which is ongoing at the time of writing," the organization said.
Their data showed that service returned after about an hour or two of issues.
The Ukrainian Strategic Communications Center and Information Security also confirmed the attacks on the country's banks in a statement, telling the public that they too believed it was a DDoS attack.
"For the last few hours, Ukraine's largest state-owned bank, Privatbank, has been under a massive DDoS attack. Users of the bank's internet banking service Privat24 report problems with payments and the application in general," it said, adding that customers of Oschadbank were also reporting serious issues.
PrivatBank told the Strategic Communications Center and Information Security that no user funds have been stolen during the incident. The National Police later announced a criminal investigation into the DDoS incidents.
Russia has faced international backlash for troop buildups near Ukraine's border but has denied it plans to attack the country. US officials -- who will not share their intelligence with the press -- have repeatedly said a Russian attack is imminent. The US began evacuating almost all of the staff from its embassy in Kyiv this week, and Jake Sullivan, President Joe Biden's national security adviser, urged all Americans in Ukraine to leave as soon as possible.
Doug Madory, director of internet analysis at Kentik, said he analyzed some of the DDoS attacks and found that the targets include Mirohost (AS28907), which hosts the websites of the Ukraine Army.
"Additionally, there has been a sudden surge of traffic directed at Ukraine's largest bank, PrivatBank (AS15742) in recent hours," Madory said.
Christian Sorensen, former lead of the international cyber warfare team at US CYBERCOM, said the attacks are designed to ratchet up attention and pressure.
"It doesn't sound like much impact yet. In the coming hours/days, I would anticipate more activities to isolate and disrupt Ukrainian citizens and especially government activities," said Sorensen, who is now CEO of cybersecurity firm SightGain.
Both the National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about the potential for cyberattacks against both Ukraine and its allies.
The Washington Post reported late on Tuesday that US officials believe hackers tied to the Russian government have already "broadly penetrated Ukrainian military, energy, and other critical computer networks."