Russian president this week launched a military operation in Ukraine. Explosions have been heard across the country with Ukraine’s foreign minister warning that a ‘’full-scale invasion’’ was underway according to a report by Aljazeera.
In the midst of this conflict, distributed denial of service (DDoS) attacks from Russia are also disrupting Ukrainian government websites and financial service providers. A new ‘’wiper attack’, which destroys data on infected machines, was also discovered being used against Ukrainian organisations representing the third wave of attacks against Ukraine this year, and the most sophisticated to date, the BBC reports.
These latest attacks began on Wednesday afternoon. Internet connectivity company NetBlocks tweeted about the outages, saying “the incident appears consistent with recent DDoS attacks”.
‘’Confirmed: Ukraine‘s Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, the Security Service of Ukraine and Cabinet of Ministers websites have just been impacted by network disruptions; the incident appears consistent with recent DDOS attacks’’ the tweet read.
The DDoS attacks was unleashed around 16:00 local time in Ukraine, against the Ukraine Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, Cabinet of Ministers and the Security Service of Ukraine. The outages lasted about two hours and are so far unattributed. ESET and Symantec reported a new boot sector wiper being deployed at approximately 17:00 local time, which was precisely in the middle of this DDoS attack. It appears to have impacted a small number of organizations related to finance and Ukrainian government contractors. Symantec reported there was some spillover onto PCs in Latvia and Lithuania, likely remote offices of Ukrainian companies
At 02:00 local time on February, 24, 2022, the websites of the Ukrainian Cabinet of Ministers, and those of the Ministries of Foreign Affairs, Infrastructure, Education, and others were unreachable, according to CNN. By 06:00 local time on February 24, 2022, they appeared to be operating normally.
DDoS Attacks and Russia
Cyberattacks have been a key tool of Russian aggression in Ukraine since 2014. The country has also used DDoS attacks in various campaigns as a part of its so-called “hybrid warfare” tactics, combining cyber-attacks with traditional military activity.
The earliest known activity dates to April 26, 2007, when the Estonian government moved a statue commemorating the Soviet Union’s liberation of Estonia from the Nazis to a less prominent location.
‘’This action infuriated Estonia’s Russian speaking population and destabilized relations with Moscow. Soon after there were riots in the streets, protests outside of the Estonian embassy in Moscow and a wave of debilitating DDoS attacks on Estonian government and financial services websites. ‘’ Chester Wisniewski, principal research scientist at Sophos says.
Chester, in an article reviewing the history of known or suspected Russian state activities in the cyber realm notes that fully prepared tools and instructions on how to participate in DDoS attacks appeared on Russian forums almost immediately after the moving of the statue. These attacks targeted websites belonging to the President, Parliament, police, political parties, and major media outlets.
On Tuesday, the EU announced that it was deploying a cyber rapid-response team (CRRT) across Europe, after a call for help from Ukraine.