According to the White House, the outages affected around 70 national and regional government websites.
Hackers momentarily pulled down dozens of Ukrainian government websites on Friday, causing no substantial harm but escalating tensions as Russia amasses soldiers on the Ukrainian border. Separately, in an unusual gesture to the United States at a time of strained relations, Russia announced the arrest of members of a large ransomware group that targeted US firms.
The episodes, albeit seemingly unrelated, occurred during a frenzy of activity in which the US publicly accused Moscow of plotting a new invasion of Ukraine and inventing a justification for doing so. They emphasised how cybersecurity remains a critical worry, warning that the increasing hostility threatens not just physical bloodshed but also destructive cyberattacks that might impact Ukraine or perhaps the United States.
The White House said Friday that President Joe Biden had been briefed on the interruptions, which targeted around 70 websites of national and regional government entities, although it did not say who was to blame.
Despite the lack of attribution, suspicion fell on Russia, which has a history of peppering Ukraine with devastating cyberattacks. The SBU, Ukraine’s security service, claimed preliminary inquiry results suggested the participation of “hacker organisations affiliated to Russia’s intelligence agencies.” It stated that the majority of the websites had resumed operations, that the material had not been changed, and that no personal data had been released. According to the SBU, the perpetrators “hacked the infrastructure of a commercial business that had administrator access to websites targeted by the attack.”
The White House stated that it was still examining the impact of the defacements, but that it was “minimal” thus far. Meanwhile, a senior administration official said the White House appreciated news of the arrests of accused ransomware gang members in Russia, which Moscow said was done at the behest of US officials.
According to the official, who briefed reporters on the condition of anonymity, one of those detained was tied to the Colonial Pipeline attack, which resulted in days of gas shortages in portions of the United States last year. According to the person, the White House believes the arrests have nothing to do with the Russia-Ukraine conflict.
Russia’s previous cyber operations against Ukraine include a compromise of its voting system prior to the 2014 national elections, as well as a hack of its power grid in 2015 and 2016. With the NotPetya virus, Russia unleashed one of the most catastrophic cyberattacks on record in 2017, causing more than $10 billion (approximately Rs. 74387 crore) in global damage. Previously, Moscow denied any role in cyberattacks against Ukraine.
Since then, Ukrainian cybersecurity specialists have been bolstering critical infrastructure defences with the help of more than $40 million (approximately Rs. 296.625) in US State Department support. In light of the cyberattacks, NATO Secretary-General Jens Stoltenberg said Friday that the alliance will continue to give “strong political and practical assistance” to Ukraine.
According to experts, Russian President Vladimir Putin may employ cyberattacks to destabilise Ukraine and other ex-Soviet nations that want to join NATO without committing troops. Tensions between Ukraine and Russia are high, with Moscow mobilising an estimated 100,000 troops along Ukraine’s vast border.
“If you’re trying to use it as a stage and a deterrent to dissuade people from moving on with NATO consideration or other things, cyber is ideal,” Tim Conway, a cybersecurity lecturer at the SANS Institute, told the Associated Press last week.
According to Oleh Derevianko, a top private sector expert and founder of the ISSP cybersecurity business, the primary question for the website defacements is whether they are the work of Russian freelancers or part of a broader state-backed operation.
According to a statement released by the hackers in Russian, Ukrainian, and Polish, personal data of Ukrainians had been put online and destroyed. It warned Ukrainians to “be afraid and prepare for the worst.” Poland’s government responded by pointing out that Russia has a long history of misinformation tactics and that the Polish in the letter was sloppy and definitely not from a native speaker.
The Ukraine defacements, according to researchers at the global risk think tank Eurasia Group, do not “necessarily hint to an impending escalation of hostilities by Russia” – they rank low on its cyber options ladder. According to them, Friday’s strike was “trolling, delivering a warning that Ukraine might witness worse to come.”
The defacements came after a year in which cybersecurity became a key priority as a result of a Russian-sponsored cyberespionage operation targeting US federal institutions and ransomware assaults conducted by Russia-based criminal gangs.
The Russian Federal Security Service, or FSB, reported the capture of members of the REvil ransomware ring on Friday. Last year’s Fourth of July weekend supply-chain attack on the software provider Kaseya damaged more than 1,000 companies and public organisations around the world.
The FSB stated that the gang had been dissolved, but REvil essentially disintegrated in July. According to cybersecurity specialists, its members have mostly moved on to other ransomware syndicates. They questioned if the arrests would have a meaningful impact on ransomware gangs, whose operations have only modestly slowed since high-profile assaults on important US infrastructure, such as the Colonial Pipeline, last year.
The FSB claimed it raided 14 group members’ houses and confiscated about RUB 426 million (approximately Rs. 41.66 crore), including cryptocurrencies, as well as laptops, crypto wallets, and 20 luxury automobiles “purchased with money gained through illicit methods.” All of those arrested have been charged with “illegal circulation of means of payment,” a felony punishable by up to six years in jail.
The operation was carried out at the request of US officials, who had identified the group’s commander, according to the FSB. It’s the first major public step by Russian authorities since Vice President Joe Biden told Putin last summer that he needed to crack down on ransomware groups.
Experts said it was too early to tell whether the arrests were part of a larger Kremlin crackdown on ransomware offenders, or whether they were simply a piecemeal effort to satisfy the White House.
“The follow-through on sentence will give the biggest signal one way or the other as to IF there has genuinely been a change in how tolerant Russia will be in the future to cyber criminals,” said Bill Siegel, CEO of ransomware response firm Coveware, via email.
According to Yelisey Boguslavskiy, research director at Advanced Intelligence, those detained are likely low-level associates rather than those who managed the ransomware-as-a-service, which was dissolved in July. REvil also appears to have ripped off some affiliates, giving it adversaries in the underground, he claims.
REvil’s attacks destroyed tens of thousands of machines worldwide and netted at least $200 million (approximately Rs. 1487.73 crore) in ransom payments, according to Attorney General Merrick Garland, who announced charges against two of the gang’s members in November.
These kinds of assaults received a lot of attention from law enforcement officials all across the world. European law enforcement officials released the findings of a months-long, 17-nation investigation that resulted in the arrests of seven hackers tied to REvil and another ransomware family, just hours before the US announced its arrests.
According to the Associated Press, US officials shared a limited number of identities of suspected ransomware operators with Russian officials last year.
Whatever Russia’s reasons, said Brett Callow, a ransomware analyst with the cybersecurity firm Emsisoft, the arrests would “definitely send shockwaves across the criminal community.” “Former affiliates and business acquaintances of the gang will undoubtedly be concerned about the repercussions.”