Ukraine Ministry of Defense confirms DDoS attack; state banks lose connectivity

The websites of Ukraine's defense ministry as well as state banks Privatbank and Oschadbank were down on Tuesday due to an alleged DDoS attack.
Written by Jonathan Greig, Contributor

The Ukrainian Defense Ministry and several state-backed banks were hit with distributed denial-of-service (DDoS) incidents or disruptions on Tuesday. The Defense Ministry website is down, and it confirmed that it was attacked, telling the public that it will be communicating through Twitter and Facebook. 

"The MOU website was probably attacked by DDoS. An excessive number of requests per second were recorded. Technical works on restoration of regular functioning are being carried out," the Defense Ministry said on Tuesday afternoon.

The confirmation came as residents of Ukraine reported issues with some ATMs and banking services at State Savings Bank, PrivatBank, and Oschadbank. 

NetBlocks, an organization tracking internet outages around the world, confirmed the loss of service to multiple banking and online platforms in Ukraine "in a manner consistent with a denial of service attack."

"Metrics indicate impact beginning from early Tuesday intensifying in severity over the course of the day. Work is ongoing to assess the incident, which is ongoing at the time of writing," the organization said. 

Their data showed that service returned after about an hour or two of issues. 

The Ukrainian Strategic Communications Center and Information Security also confirmed the attacks on the country's banks in a statement, telling the public that they too believed it was a DDoS attack. 

"For the last few hours, Ukraine's largest state-owned bank, Privatbank, has been under a massive DDoS attack. Users of the bank's internet banking service Privat24 report problems with payments and the application in general," it said, adding that customers of Oschadbank were also reporting serious issues.  

PrivatBank told the Strategic Communications Center and Information Security that no user funds have been stolen during the incident. The National Police later announced a criminal investigation into the DDoS incidents. 

The attack came as Russia announced a partial troop withdrawal from areas near Ukraine's border. Russian President Vladimir Putin also said on Tuesday that he was interested in security discussions with the United States and NATO.

Russia has faced international backlash for troop buildups near Ukraine's border but has denied it plans to attack the country. US officials -- who will not share their intelligence with the press -- have repeatedly said a Russian attack is imminent. The US began evacuating almost all of the staff from its embassy in Kyiv this week, and Jake Sullivan, President Joe Biden's national security adviser, urged all Americans in Ukraine to leave as soon as possible. 

Doug Madory, director of internet analysis at Kentik, said he analyzed some of the DDoS attacks and found that the targets include Mirohost (AS28907), which hosts the websites of the Ukraine Army. 

"Additionally, there has been a sudden surge of traffic directed at Ukraine's largest bank, PrivatBank (AS15742) in recent hours," Madory said. 

Kentik/Doug Madory

Christian Sorensen, former lead of the international cyber warfare team at US CYBERCOM, said the attacks are designed to ratchet up attention and pressure. 

"It doesn't sound like much impact yet. In the coming hours/days, I would anticipate more activities to isolate and disrupt Ukrainian citizens and especially government activities," said Sorensen, who is now CEO of cybersecurity firm SightGain. 

"The purpose at this stage is to increase leverage in negotiations. The next stage will be impactful and continue deterrence for other countries to get involved." 

Biden responded forcefully to reports of a wide-ranging cyberattack on Ukrainian government systems in January, telling reporters that the US would respond with its own cyberattacks if Russia continues to target Ukraine's digital infrastructure.  

Biden's comments came after Ukrainian officials told journalist Kim Zetter that dozens of systems within at least two government agencies were wiped during a cyberattack in January. Microsoft released a detailed blog about the wiping malware, named "WhisperGate," and said it was first discovered on January 13. 

The wipers were launched days after more than 70 Ukrainian government websites were defaced by groups allegedly associated with Russian secret services

Both the National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about the potential for cyberattacks against both Ukraine and its allies. 

The Washington Post reported late on Tuesday that US officials believe hackers tied to the Russian government have already "broadly penetrated Ukrainian military, energy, and other critical computer networks." 

Editorial standards