Ukrainian telecom, government blame cyberattack for most severe disruption since Russian invasion
One of Ukraine’s key internet service providers suffered a significant outage Monday, with both the Ukrainian government and the company blaming a cyberattack.
“Today, the enemy launched a powerful cyberattack against Ukrtelecom’s IT-infrastructure,” Yurii Shchyhol, the Chairman of the State Service of Special Communication and Information Protection of Ukraine said in a statement to reporters Monday.
When asked if “enemy” referred to Russia, he declined to comment.
Shchyhol said the attack had been repelled thanks to the work of specialists from the SSSCIP Ukraine.
Urktelecom’s CEO Yuriy Kurmaz confirmed in a LinkedIn message that the company is in the process of restoring service to all users. The company temporarily shut down service or private users and business customers in order to stop disruption to service for military forces and critical infrastructure, he said.
NetBlocks, a London-based internet accessibility advocacy group that monitors access around the world, tweeted Monday morning U.S. time that connectivity for Ukrtelecom dropped to 13% of pre-war levels as part of an “ongoing and intensifying nation-scale disruption to service, which is the most severe since the invasion by Russia.”
Isik Mater, the director of research at NetBlocks, told CyberScoop that the disruption is the most severe attack on the company — not all of Ukraine’s internet access — since the start of the invasion.
“But going by the public response it is also potentially the most impactful incident more generally,” she said, noting that the Ukrtelecom Facebook page was inundated with more than 1,000 complaints about connectivity.
The main website for the company remained inaccessible as of 2:50 p.m. ET U.S. time.
Connectivity for Ukrtelecom customers declined over a five-hour period beginning at about 11 a.m. local time in Ukraine, according to Doug Madory, the director of internet analysis at Kentik.
Ukrtelecom is seventh among Ukrainian telecom providers in terms of their volume of traffic, Madory added in a subsequent tweet. But also one of the key providers in rural parts of the country.
Ukrainian networks have been targeted by Russian government hackers for years. The activity intensified ahead of the Feb. 24 Russian military attack, including wiper malware designed to destory data, website defacements, DDoS attacks and an attack on modems provided by U.S. company Viasat targeting Ukrainian communication networks that’s spilled into other countries. As part of regular briefings with international reporters, Zhora has described ongoing hacker efforts to target Ukrainian logistics and humanitarian efforts amid ongoing DDoS disruptions.
Updated 3/28/22: with additional information from Ukrtelecom and SSSCIP Ukraine.
This story was featured in CyberScoop Special Report: War in Ukraine
