Accessibility links

Breaking News

Ukraine Is 'Ground Zero' For Hackers In Global Cyberattacks

A laptop displays a message after being infected by ransomware used in a worldwide cyberattack launched on June 27.
A laptop displays a message after being infected by ransomware used in a worldwide cyberattack launched on June 27.

Ukraine’s heavy reliance on Russian technology impairs its ability to adequately defend against cyberattacks such as the Petya virus ravaging computers around the world and has helped make the country ground zero on the front lines of the global cyberwar.

The “unprecedented” June 27 attack started in Ukraine -- hitting government computer networks and websites of banks, major industrial enterprises, the postal service, Kyiv's international airport, and its subway system -- before spreading to other countries and international companies around the world.

Ukraine bore the brunt with more than 60 percent of the attacks, with the virus even hitting radiation-monitoring systems at the shuttered Chernobyl power plant, site of the world's worst-ever civilian nuclear accident. Engineers were forced to use manual operating plans after the virus locked up its computer system.

Analysts from Microsoft and the Slovakian-based cybersecurity company ESET both said the attack targeted M.E.Doc, a Ukrainian tax-accounting software company, before the ransomware quickly spread to at least 64 other countries.

M.E.Doc first admitted its systems had been compromised, though it later denied being "patient zero" in the attack.

'A Test Bed For Attacks'

While the source of the attack using the Petya virus is still not clear, it was not the first to originate in Ukraine and probably won’t be the last to start there.

Petya is a version of the WannaCry virus, which also used the EternalBlue exploit to infiltrate systems and shut down more than 200,000 computers in some 150 countries in May. The hackers that launched it demanded that users pay hundreds of dollars to regain access to their computer and not lose data.​

Ukraine "is considered a test bed for attacks on major infrastructure. Targets over the years include the national power grid, national railway system, one of their major stock exchanges, and Boryspil, Ukraine's busiest airport," said Ryan Brack, a senior vice president at Mercury Public Affairs and the co-organizer of the Global Cybersecurity Summit (GCS) held in the Ukrainian capital earlier this month.

Kyiv, which has repeatedly accused Russia of orchestrating attacks on its computer systems and critical energy infrastructure since Moscow annexed Ukraine's Crimean Peninsula in 2014, has blamed the Kremlin for previous cyberattacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity.

Ukraine has also seen a number of cyberattacks on private companies and government systems, while a number of hacked government documents have appeared on the Internet.

Most notably, Russian hackers tried to influence Ukraine’s 2014 elections targeting voting infrastructure and using fake news reports to try to sway the outcome in what is widely seen as a precursor to tampering attempts in recent elections in the United States and France.

Oleksandr Turchynov, the secretary of Ukraine's Security and Defense Council, said there were signs of Russian involvement in the June 27 cyberattack, though he did not give any direct evidence. Several large Russian companies were also hit in the attack.

Cyberattacks on Ukrainian infrastructure "should serve as a wake-up call for all those responsible for the security of critical systems around the world," according to Anton Cherepanov, a senior malware researcher at ESET.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.