Ukraine ignores massive defacement of government website

A ‘massive’ cyberattack on Ukraine caught the world’s attention this morning as the country’s foreign ministry said its website, among other things, had been taken down by unidentified hackers.

The attack, which took place overnight, saw websites for the Department of Foreign Affairs, Cabinet Office, Security and Defense Council, Treasury and many more defaced with messages telling Ukrainians that personal data had been stolen and that they should “be afraid and expect the worst”.

Immediately the whole world thought of Russia; Vladimir Putin’s armed forces invaded and occupied Crimea in 2014 and, some say, are now eyeing the remaining portion of the ex-Soviet nation. Until the recent unrest in Kazakhstan, a very large Russian military presence had been noted in eastern Ukraine, apparently ready to continue the invasion.

NATO Secretary General Jens Stoltenberg said, “I strongly condemn cyber attacks against the Ukrainian government,” adding that the alliance would soon strengthen its cyber cooperation with the Eastern European country.

Meanwhile, Ukraine itself withheld attribution, with a Foreign Ministry spokesperson telling the Reuters news wire it was too early to say who was responsible – but adding that Russia has done similar things in the past.

It does not appear, from infosec industry sources or media coverage, that this was anything more than a headline-grabbing defacement; there is no mention of non-publicly accessible digital infrastructure being attacked or taken offline, and Ukraine’s security service later said no personal data was leaked. Analysts expect Russia to attempt to cripple digital communication networks as an immediate prelude to another invasion.

The attack reportedly targeted 15 websites in Ukraine that used the PHP-based October content management system, and led to the defacement of those websites. This included the Ministry of Foreign Affairs, the Cabinet of Ministers, the Treasury and others.

Ukraine’s CERT said the attackers got in by exploiting a months-old vulnerability in its Laravel-based CMS, OctoberCMS.

A summary of the vulnerability (rated 6.4 on the CVSS scale) explained that an account’s password reset can be exploited via a specially crafted request, allowing attackers to take control of the account.

Threat intelligence firm Cyjax, which combines information security interests with geopolitics, said “Russia is also suspected of responsibility due to the current situation in the region.”

The company’s CISO, Ian Thornton-Trump, told The Register: “With global tensions and other players not looking kindly on the G-7, NATO or the EU, there is always a chance that a cyber attack will be misattributed and become a false flag operation intended to heighten tensions.”

John Hultquist, head of intelligence analysis at Mandiant, said in a statement: “Massive damage to Ukrainian government sites is consistent with incidents we have seen in the past as tensions have increased in the region. From the invasion of Georgia in 2008 we saw a defacement of their Ministry of Foreign Affairs which juxtaposed the Georgian President to Hitler. As late as 2019, Sandworm, unit GRU 74455, carried out massive defacements in Georgia.”

At the time of writing, the Ukrainian Foreign Ministry website was inaccessible, with connection requests timing out. The ministry said it would use social media to deliver key messages.

“If it turns out it was the CMS vulnerability from October last year,” Professor Alan Woodward of the University of Surrey told The Register, “it makes you wonder why they hadn’t already fixed it with the available update.”

Professor Woodward added: “It is difficult to see this as an attack that is part of a prelude to war. However, with tensions so high, even minor actions could elicit a much more serious response: these things can escalate with frightening speed.”

Over the past few months, Russia has deployed bellicose rhetoric about NATO expansion into what Putin sees as Russia’s sphere of influence, apparently viewing this as something that applies to modern Russia. Despite assurances from Western leaders and NATO commanders that Ukraine will not become an official member of the counter-Russian alliance, Russia continues to ask and make laughable demands.

Russia maintains hacking units that have previously targeted the Ukrainian government; the FSB’s 16th and 18th Divisions were last seen pumping spam into the mailboxes of random organizations. Perhaps they have returned to their daily work.

Sherry J. Basler