WASHINGTON – The White House said Friday it is assessing a cyberattack that left dozens of Ukrainian government websites temporarily unavailable.
While it wasn’t immediately clear who was behind the cyberattack, the disruption came amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.
President Joe Biden has been briefed on the attack, and the U.S. and its allies are concerned about the cyber assault, White House press secretary Jen Psaki said. She would not say whether the U.S. suspects that Russia is behind the attack or how it intends to respond, but stressed that the Biden administration would take "necessary and proper steps" to support the Ukrainian people.
Psaki also confirmed a CNN report that U.S. intelligence has information that suggests Russia has dispatched operatives into eastern Ukraine as part of a "false flag" operation. The operatives are trained in urban warfare and in using explosives to carry out acts of sabotage against Russian forces – actions that Russia would then falsely blame on Ukraine and might use as a pretext for invading that country.
"This is all the spreading of misinformation" and a strategy that Russia employed before its invasion of Ukraine in 2014, Psaki said.
In Kyiv, Ukrainian Foreign Ministry spokesman Oleg Nikolenko told The Associated Press it was too soon to tell who could have been behind the cyberattack, “but there is a long record of Russian cyber assaults against Ukraine in the past.”
Moscow had previously denied involvement in cyberattacks against Ukraine.
About 70 websites of both national and regional government bodies have been targeted by the attack, according to Victor Zhora, deputy chair of the State Service of Special Communication and Information Protection. Zhora stressed, however, that no critical infrastructure was affected and no personal data was leaked.
The hack amounted to a simple defacement of government websites, said Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm. The hackers got into a content management system they all use, but “didn’t get access to the websites themselves.”
“It could be just a regular information operation (seeking) to undermine the government’s capability and to create and enhance uncertainty,” added Derevianko. It could also possibly be “part of a planned hybrid attack or longer term and more sophisticated cyber operation which is underway but has not culminated.”
The main question, said Derevianko, is whether this is a standalone hacktivist action or part of a larger state-backed operation.
Tensions along the Russia-Ukraine border
Tensions between Ukraine and Russia have been running high in recent months after Moscow amassed an estimated 100,000 troops near Ukraine’s border, stoking fears of an invasion. Moscow says it has no plans to attack and rejects Washington’s demand to pull back its forces, saying it has the right to deploy them wherever necessary.
The Kremlin has demanded security guarantees from the West that NATO deny membership to Ukraine and other former Soviet countries and roll back the alliance’s military deployments in Central and Eastern Europe. Washington and its allies have refused to provide such pledges, but said they are ready for the talks.
High-stakes talks this week between Moscow and the U.S., followed by a meeting of Russia and NATO representatives and a meeting at the Organization for Security and Cooperation in Europe, failed to bring about any immediate progress.
NATO Secretary-General Jens Stoltenberg said Friday that the 30-country military organization will continue to provide “strong political and practical support” to Ukraine in light of the cyber attacks.
“In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform,” Stoltenberg said in a statement.
European Union foreign policy chief Josep Borrell said Friday that the 27-nation bloc is ready to mobilize all its resources to provide technical assistance to Ukraine and help it improve its capacity to weather cyberattacks.
Asked who could be behind the attack, Borrell said: “I can’t point at anybody because I have no proof, but one can imagine.”
Russia's history of cyberattacks
Russia has a long history of launching cyber operations against Ukraine, including a hack of its voting system ahead of 2014 national elections and an assault on the country’s power grid in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus that targeted Ukrainian businesses and caused more than $10 billion in damage globally.
Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure ever since. Zhora has told the AP that officials are particularly concerned about Russian attacks on the power grid, rail network and central bank.
Experts have said recently that the threat of another such cyberattack is significant as it would give Russian President Vladimir Putin the ability to destabilize Ukraine and other former Soviet countries that wish to join NATO without having to commit troops.
“If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told The Associated Press in an interview last week.
Conway was in Ukraine last month conducting a simulated cyberattack on the country’s energy sector. The U.S. has been investing in improving Ukraine’s cyber defenses for several years through various departments, like the Department of Energy and USAID.
REvil ransomware gang shut down
In a separate development Friday, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang and the shutdown of its operation. REvil is a major ransomware syndicate that was behind last year’s Fourth of July weekend ransomware attack that crippled more than 1,000 businesses and public organizations globally.
The FSB said it raided the homes of 14 group members and seized over 426 million rubles ($5.6 million), including in cryptocurrency as well as computers, crypto wallets and 20 elite cars “bought with money obtained by criminal means.” All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison.
In Washington, a senior administration official said that one of the hackers arrested was responsible for the ransomware attack last May on the Colonial Pipeline, which runs more than 5,500 miles from Texas to New Jersey and supplies almost half of the fuel on the U.S. East Coast.
The attack caused Colonial to temporarily shut down all of the pipeline's operations and halt fuel supplies for nearly a week. Colonial later said it paid $4.4 million to the hackers so it could restart the pipeline quickly.
The senior administration official provided no details about the identity of the hacker.
According to the FSB, Russia's raid on the REvil operation was conducted upon a request from the U.S. authorities, who reported the leader of the group to officials in Moscow.
It is the first significant public action by Russian authorities since Biden warned Putin last year that he needed to crack down on ransomware gangs in his country.
REvil’s attacks have compromised tens of thousands of computers worldwide and yielded at least $200 million in ransom payments, Attorney General Merrick Garland said in November when announcing charges against two hackers affiliated with the gang.
REvil went dark this summer, with its data-leak site and ransom-negotiating portals going offline, after a series of high-profile ransomware attacks. It was behind a July 2 supply chain ransomware attack that crippled well over 1,000 organizations globally by targeting Florida-based software provider Kaseya. And JBS, the world’s largest meat processor, said in June that it had paid $11 million following a hack by REvil.
Such attacks brought significant attention from law enforcement officials around the world. The U.S. announced charges against two affiliates in November, hours after European law enforcement officials revealed the results of a lengthy, 17-nation operation. As part of that operation, Europol said, a total of seven hackers linked to REvil and another ransomware family have been arrested since February.
The Associated Press reported last year that U.S. officials, meanwhile, shared a small number of names of suspected ransomware operators with Russian officials, who have said they have started investigating. Kremlin spokesman Dmitry Peskov said late last year that countries have been having a useful dialogue.
“This is a huge, huge deal,” Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said of FSB’s announced arrests Friday. “This was a top tier group until recently.”
Michael Collins reported from Washington for USA TODAY. He covers the White House. Follow him on Twitter @mcollinsNEWS.
For The Associated Press, Frank Bajak reported from Boston, Litvinova reported from Moscow. Catherine Gaschka in Brest, France, Alan Suderman in Richmond, Virginia, and Eric Tucker in Washington, contributed to this report.
This article originally appeared on USA TODAY: U.S. assessing cyberattack against government websites in Ukraine