Ukraine hacks add to worries of cyber conflict with Russia

Jan 13, 2022, 10:40 AM | Updated: Jan 15, 2022, 8:45 pm

In this undated handout photo released by Ukrainian Foreign Ministry Press Service, the building of Ukrainian Foreign Ministry is seen during snowfall in Kyiv, Ukraine. Ukrainian officials and media reports say a number of government websites in Ukraine are down after a massive hacking attack. While it is not immediately clear who was behind the attacks, they come amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week. (Ukrainian Foreign Ministry Press Service via AP)

KYIV, Ukraine (AP) — Hackers on Friday temporarily shut down dozens of Ukrainian government websites, causing no major damage but adding to simmering tensions while Russia amasses troops on the Ukrainian border. Separately, in a rare gesture to the U.S. at a time of chilly relations, Russia said it had arrested members of a major ransomware gang that targeted U.S. entities.

The events, though seemingly unrelated, came during a frenetic period of activity as the U.S. publicly accused Moscow of preparing a further invasion of Ukraine and of creating a pretext to do so. They underscored how cybersecurity remains a pivotal concern — that the escalating animosity risks not only actual violence but also damaging digital attacks that could affect Ukraine or even the U.S.

The White House said Friday that President Joe Biden had been briefed on the disruptions, which targeted about 70 websites of national and regional government bodies, but it did not indicate who might be responsible.

But even without any attribution of responsibility, suspicions were cast on Russia, with its history of peppering Ukraine with damaging cyberattacks. Ukraine’s Security Service, the SBU, said preliminary results of an investigation indicated involvement of “hacker groups linked to Russia’s intelligence services.” It said most of the websites had resumed operations, and that content was not altered and personal data not leaked. The SBU said the culprits “hacked the infrastructure of a commercial company that had access, with administrator privileges, to websites affected by the attack.”

The White House said it was still assessing the impact of the defacements but described it as “limited” so far. A senior administration official, meanwhile, said the White House welcomed news of the arrests in Russia of alleged ransomware gang members, an operation Moscow said was done at the request of U.S. authorities.

The official, who briefed reporters on condition of anonymity, said one of those arrested was linked to the hack of Colonial Pipeline that resulted in days of gas shortages in parts of the U.S. last year. The arrests are thought by the White House to be unrelated to the Russia-Ukraine tension, according to the official.

Russia’s past cyber operations against Ukraine include a hack of its voting system before 2014 national elections and of its power grid in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus, which targeted Ukrainian businesses and caused more than $10 billion in damage globally. Moscow has previously denied involvement in cyberattacks against Ukraine.

Ukrainian cybersecurity professionals, aided by more than $40 million in U.S. State Department assistance, have been fortifying the defenses of critical infrastructure ever since. NATO Secretary-General Jens Stoltenberg said Friday the alliance will continue to provide “strong political and practical support” to Ukraine in light of the cyberattacks.

Experts say Russian President Vladimir Putin could use cyberattacks to destabilize Ukraine and other ex-Soviet countries that wish to join NATO without having to commit troops. Tensions between Ukraine and Russia are high, with Moscow amassing an estimated 100,000 troops near its extensive border with Ukraine.

“If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told the AP last week.

The main question for the website defacements is whether they’re the work of Russian freelancers or part of a larger state-backed operation, said Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm.

A message posted by the hackers in Russian, Ukrainian and Polish claimed Ukrainians’ personal data had been placed online and destroyed. It told Ukrainians to “be afraid and expect the worst.” In response, Poland’s government noted Russia has a long history of disinformation campaigns and that the Polish in the message was error-ridden and clearly not from a native speaker.

Researchers from the global risk think tank Eurasia Group said the Ukraine defacements don’t “necessarily point to an imminent escalation of hostilities by Russia” — they rank low on its ladder of cyber options. They said Friday’s attack amounts “to trolling, sending a message that Ukraine could see worse to come.”

The defacements followed a year in which cybersecurity became a top concern because of a Russian-government cyberespionage campaign targeting U.S. government agencies and ransomware attacks launched by Russia-based criminal gangs.

On Friday, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang. The group was behind last year’s Fourth of July weekend supply-chain attack targeting the software firm Kaseya, which crippled more than 1,000 businesses and public organizations globally.

The FSB claimed to have dismantled the gang, but REvil effectively disbanded in July. Cybersecurity experts say its members largely moved to other ransomware syndicates. They cast doubt Friday on whether the arrests would significantly affect ransomware gangs, whose activities have only moderately eased after high-profile attacks on critical U.S. infrastructure last year, including the Colonial Pipeline.

The FSB said it raided the homes of 14 group members and seized over 426 million rubles ($5.6 million), including in cryptocurrency, as well as computers, crypto wallets and 20 elite cars “bought with money obtained by criminal means.” All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects weren’t named.

According to the FSB, the operation was conducted at the request of U.S. authorities, who had identified the group’s leader. It’s the first significant public action by Russian authorities since Biden warned Putin last summer that he needed to crack down on ransomware gangs.

Experts said it was too early to know if the arrests signal a major Kremlin crackdown on ransomware criminals — or if they may just have been a piecemeal effort to appease the White House.

“The follow-through on sentencing will send the strongest signal one way or another as to IF there has truly been a change in how tolerant Russia will be in the future to cyber criminals,” Bill Siegel, CEO of the ransomware response firm Coveware, said in an email.

Yelisey Boguslavskiy, research director at Advanced Intelligence, said those arrested are likely low-level affiliates — not the people who ran the ransomware-as-a-service, which disbanded in July. REvil also apparently ripped off some affiliates so it had enemies in the underground, he said.

REvil’s attacks crippled tens of thousands of computers worldwide and yielded at least $200 million in ransom payments, Attorney General Merrick Garland said in November when announcing charges against two hackers affiliated with the gang.

Such attacks drew significant attention from law enforcement officials around the world. Hours before the U.S. announced its arrests, European law enforcement officials revealed the results of a months-long, 17-nation operation that yielded the arrests of seven hackers linked to REvil and another ransomware family.

The AP reported last year that U.S. officials, meanwhile, shared a small number of names of suspected ransomware operators with Russian officials.

Brett Callow, a ransomware analyst with the cybersecurity firm Emsisoft, said whatever Russia’s motivations may be, the arrests would “certainly send shockwaves through the cybercrime community. The gang’s former affiliates and business associates will invariably be concerned about the implications.”

___

Bajak reported from Boston, Litvinova reported from Moscow and Tucker reported from Washington. Catherine Gaschka in Brest, France, and Alan Suderman in Richmond, Virginia, contributed to this report.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
