US, UK say Russian government responsible for cyberattack on Ukraine

SolarWinds hackers. (Pop Nukoonrat/Dreamstime/TNS)

This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.

The United States and Great Britain have accused Russia of being behind the February 15 cyberattacks on Ukraine’s Defense Ministry and banking system.

Anne Neuberger, the White House’s chief cyber official, told reporters on February 18 that “we believe the Russian government is responsible for widespread cyberattacks on Ukrainian banks this week.”

Neuberger said U.S. officials decided to quickly go public with the information on the cyberattack because of the urgency of the situation, given Russia’s massive buildup of troops along the Ukrainian border.

Neuberger said U.S. experts had obtained data showing that infrastructure connected with Russia’s GRU military intelligence agency “was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains.”

At the same time as the U.S. announcement, officials in Britain said the GRU was “almost certainly involved” in the DDoS attack, which floods targeted websites with an overwhelming amount of data.

“The attack showed a continued disregard for Ukrainian sovereignty,” Britain’s Foreign Commonwealth and Development Office said in a statement. “This activity is yet another example of Russia’s aggressive acts against 101Ukraine.”

U.S. and other Western officials and experts have long blamed Russia for a spate of hacking efforts in recent years, either from state-backed or private, criminal groups. The Kremlin denies any state involvement.

The Ukrainian government on February 15 said the websites of its armed forces and several ministries and banks were crippled by a cyberattack.

The website of the Defense Ministry “probably suffered DDoS (distributed denial-of-service) attacks when an excessive number of requests per second was recorded,” the ministry said on Twitter.

The ministry was one of at least 10 Ukrainian websites that stopped working due to DDoS attacks, AP reported. It said the Foreign Ministry and the Culture Ministry were among the others affected.

A communication and information security center within the Ministry of Culture and Information Policy at the time did not say who it suspected was behind the attack, but a statement implied that it believed Russia was the culprit.

“It is not ruled out that the aggressor used tactics of little dirty tricks because its aggressive plans are not working out on a large scale,” it said.

Relations between Western countries and Russia remain on edge due to at least 130,000 troops deployed near the border with Ukraine, prompting fears of war. Moscow has denied that it plans an invasion as efforts to resolve the crisis diplomatically continue.

At least two banks, Privatbank and Oschadbank, were also targeted by cyberattacks on February 15. Privatbank’s outages were caused by a DDoS attack, the center said.

Neuberger said earlier this month that Russia could use cyberattacks as part of its efforts to destabilize and further invade Ukraine.

Two U.S. technology companies — Microsoft and Palo Alto Networks — on February 4 said a hacking team that Ukraine says is controlled by Russian intelligence has targeted a wide range of organizations in the country.