Accessibility links

Breaking News

Ukraine Searches For Culprit After Cyberattacks On Finance Ministry, Treasury

Hundreds of thousands of hryvnyas' worth of remittances were affected after hackers knocked out the websites and payment systems of the Ukrainian Ministry of Finance as well as the State Treasury and pension fund.

KYIV -- Ukrainian authorities are still looking for the culprits nearly a week after troublesome cyberattacks against official financial institutions that appeared to be designed to inflict maximum chaos on end-of-the-year payments.

But the head of staff of the Ukrainian Security Service (SBU) identified the so-called malware used in the December 6 attack as the same disruptive software employed in an unprecedented incident a year earlier, blamed on Russia, that cut off power to hundreds of thousands of homes in Ukraine.

Hundreds of thousands of hryvnyas' worth of remittances were delayed or stopped completely over the course of two days after hackers knocked the websites and payment systems of the Ministry of Finance, State Treasury, and pension fund offline, according to statements posted to those sites and local reports.

The National Police are leading the investigation and have discussed the case with the SBU, Oleksandr Tkachuk, chief of staff of the SBU, told RFE/RL on December 12.

The Finance Ministry, which described the incident as a "coordinated professional hacking attack," also claimed the attack had damaged its network equipment.

Tkachuk confirmed that "some data was destroyed and access to networks was blocked."

He said authorities were not prepared to discuss many details publicly because it would take time to fully assess them, adding that attribution in the cybersecurity sphere is a tricky business.

Tkachuk said the attack appeared to bear some similarity to a December 2015 attack against the Prykarpattyaoblenergo power company in Ukraine's western Ivano-Frankivsk region that cut power to hundreds of thousands of homes.

Critical Infrastructure

Ukrainian officials blamed that cyberattack on Russia and speculated that it might have been retaliation for Kyiv cutting off electricity one month earlier to Crimea, which Russia seized from Ukraine in early 2014.

But experts at the time warned that the greater message might be that hackers had the power to shut down critical infrastructure -- something that cybersecurity experts had long feared but never seen in practice.

Elizabeth Sherwood-Randall, a deputy secretary at the U.S. Department of Energy, also blamed Russia for the December 2015 cyberattack.

In that case, the hackers used malicious software called KillDisk, which deletes or overwrites data in system files, causing computers to crash.

KillDisk was also used in the December 6 attacks, the SBU's Tkachuk told RFE/RL.

Relations between Kyiv and Moscow soured after Russia forcibly annexed Crimea in March 2014, and Russia has been accused by Kyiv and Western powers of backing a separatist conflict in eastern in Ukraine that has killed more than 9,750 people.

Kyiv has on several occasions blamed Russia for cyberattacks -- including one on Ukraine's election system ahead of the presidential vote in May 2014 -- that it claims are part of Moscow’s greater "hybrid war," a military strategy that combines conventional warfare, irregular warfare, and cyberwarfare.