KYIV – After days of unsuccessful negotiations between the US, NATO, and Russia, hackers took down dozens of Ukrainian government websites and posted an ominous warning on several for the country to “be afraid and expect worse.”
The cyberattack occurred overnight on Thursday and Friday morning, and it took down more than a dozen official websites, disrupting government work and raising questions about whether Russia was signaling that a new offensive against Ukraine was getting underway.
Oleh Nikolenko, a spokesperson for Ukraine’s foreign ministry, told BuzzFeed News that government specialists were working to restore the websites Friday morning and the Ukrainian Cyberpolice Department had opened a criminal investigation. “It’s too early to draw conclusions,” he said. "We are assessing the damage caused by the attack."
But some in Ukraine’s government see Russian fingerprints all over the attack and are already blaming Moscow, which has massed around 100,000 soldiers near the Ukrainian borders and threatened a “military response” against its neighbor unless the US and NATO concede to its demands.
“It’s pretty obvious [Russia is responsible] because hardly anyone else has the motive for such actions,” a Ukrainian official told BuzzFeed News on condition of anonymity because they weren’t authorized to speak on the sensitive matter.
Andriy Yermak, President Volodymyr Zelensky’s chief of staff, during an online event with the Atlantic Council think tank, stopped short of accusing Russia of the cyberattack by name but suggested that it had a role in it. “It’s one of the potential parts of the destabilization of Ukraine,” he said.
Officials in Russia didn't immediately return a request for comment.
Ukrainian and US officials have warned that if Russia were to launch a fresh invasion of Ukraine it would likely do so in conjunction with cyberattacks and disinformation campaigns. White House national security adviser Jake Sullivan told reporters Thursday that the US intelligence community has information that suggests Russia is laying the groundwork to fabricate a pretext for invading Ukraine.
A source with knowledge of recent cybersecurity initiatives in Ukraine told BuzzFeed News hours before the cyberattack that Kyiv and Washington had recently seen a “substantial uptick” in Russian cyber activity targeting Ukrainian systems and planting malware.
The source said there was evidence to show the malware was designed to be planted and remain idle until a command would be given by the hackers behind it. “So they don’t need to hack anything when the [shooting] war starts. … The hack already happened,” the source explained. “They just push the button.”
“We call this preparing the battlefield,” the source said.
Most of the Ukrainian websites targeted late Thursday and early Friday registered error messages when visited. But hackers replaced the homepage on the Ministry of Foreign Affairs’ website with a message written in Ukrainian, Russian, and Polish. “[Every] Ukrainian!” it said. “All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”
The message also included references to Ukrainian nationalist fighters in World War II and atrocities committed by them against Poles at the time, which has been a point of tension between the two countries despite their close relationship. Some Ukrainians saw that as a ruse to blame Warsaw for the attack.
The Cyberpolice Department said it is working with the State Special Communications Service and the Security Service of Ukraine “to collect digital evidence and identify those involved in the cyber attacks.” No personal or official government data was stolen in the attack, it added.
Ukraine has been the target of several large-scale cyberattacks since 2014, the year Russia forcibly annexed Crimea and fomented the armed conflict in eastern Ukraine. Kyiv has repeatedly insisted that the attacks are part of Moscow’s “hybrid war” — a combination of cyberwarfare, disinformation, and conventional military warfare — against it. Russia has denied responsibility for the cyberattacks.
Past incidents saw attacks on the Ukrainian power grid, government agencies, transportation systems, and businesses. A 2017 attack known as NotPetya emanated in Kyiv but quickly spread to companies across the globe, causing significant damage.
The New York Times reported last month that the US and UK had sent experts to Kyiv to help Ukraine on the cyber front, foreseeing the likelihood of cyberattacks as Russia ratcheted up tensions with its neighbor.
President Vladimir Putin has gathered some 100,000 troops and heavy artillery around the border of Ukraine, raising concern in Kyiv and Western capitals that the Kremlin might be preparing to invade anew. Moscow has denied it is prepping for an attack and said that what it does with its military within its borders is its business.
High-stakes discussions between the US, NATO, and Russia in Geneva, Brussels, and Vienna this week failed to secure a deal to see Moscow pull back its troops and military equipment.
Russian Deputy Foreign Minister Sergei Ryabkov told reporters Thursday that Washington and NATO “are not ready to meet" Russia's "key requirements.” Among those is a guarantee that Ukraine can never join the western military alliance. The US and Ukraine have called the demand a non-starter.
Ryabkov and other Russian government officials said further talks would be useless.
NATO Secretary-General Jens Stoltenberg delivered an ominous warning following a meeting with the Russians in Brussels on Wednesday. “There is a real risk for new armed conflict in Europe,” he said.