“The largest DDoS attack in Ukraine’s history,” according to the digital transformation minister Mykhailo Fyodorov, took place this past Tuesday, Feb. 15 — just one month after a previous attack.
The attack targeted the websites of the defense ministry and armed forces as well as two of Ukraine’s two largest banks – PrivatBank and Oschadbank. Starting at 3pm that day, the sites of these banks could not be accessed and issues were reported with their payments and apps.
However, PrivatBank “managed to eliminate the consequences of the DDOS attack and restore the stable operation of the systems,” the bank stated later that day. A similar statement was published by Oschadbank.
Similar attacks targeted the Diia e-governance portal as well as several other banks, including Monobank, Alfa Bank and A-Bank.
The defense ministry said the “unprecedented” attack continued into Wednesday.
Ukraine immediately said it suspected Russia was behind these attacks. On Friday, Feb. 18, the US and UK said they had evidence backing the claim.
“We have technical information that links the Russian main intelligence directorate — or GRU. Known GRU infrastructure was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains,” at the time of the attack, said Anne Neuberger, deputy national security advisor for cyber threats, in a briefing at the White House.
The Kremlin, however, denied any involvement.
Meanwhile, western officials told Reuters they were prepared to respond to cyberattacks — including physical or cyberattacks on servers involved — depending on their scope. But “while US, European and Canadian officials have worked out a detailed package of sanctions if Russian forces invade Ukraine, there is no similarly detailed plan for how to respond to cyberattacks,” the news agency wrote, citing its unnamed sources.
Following the attack of last month, the general assumption was that Russian hackers were the masterminds. However, on further investigation it appears the attack originated in Belarus, and that the hackers had access to the administration codes from a private company that built most of the sites.
Sources: Reuters, The Kyiv Independent, The Moscow Times (1, 2)