Cyberattack hits Ukraine government websites

A laptop screen displays a warning message in Ukrainian, Russian and Polish that appeared on the official website of the Ukrainian Foreign Ministry.

Kyiv, Ukraine (CNN)Scores of Ukrainian government websites were targeted in a cyberattack with threatening text warning Ukrainians to "be afraid and wait for the worst" and alleging their personal information has been hacked.

Ukraine claimed Russia was most likely behind the attack, which affected the websites of the Ministry of Foreign Affairs and a number of other government agencies.
Oleg Nikolenko, Ukraine's foreign ministry spokesman tweeted on Friday that the "investigation is still ongoing but the Security Service of Ukraine has obtained preliminary indicators suggesting that hacker groups associated with the Russian secret services may stand behind today's massive cyberattack on government websites."
    Ukraine's communication intelligence service said in a statement that as many as 70 central and regional authority websites were targeted.
      The attack appears to be a low-level incident but is symbolic coming at the end of a week of frantic diplomacy involving NATO, the Organization for Security and Co-operation in Europe (OSCE) and bilateral talks between Russia and the United States -- all aimed at trying to deescalate tensions on Ukraine's border.
      "This is not the first time or even the second time that Ukrainian Internet resources have been attacked since the beginning of the Russian military aggression," the Ukrainian Information Ministry said in a statement.
      Most of the affected state resources have already been restored, according to Ukraine's security service, who said that personal data had not been breached.

        What happened?

        Early Friday morning local time, Ukrainian government websites, including that of the Foreign Ministry, displayed dark screens with a threatening text that said Ukrainians' personal information had been hacked.
        "Ukrainian! All your personal data has been uploaded to the public network. All data on the computer is destroyed, it is impossible to restore them," the message, published in Ukrainian, Russian and Polish, read.
        "All information about you has become public, be afraid and wait for the worst. This is for you for your past, present and future. For Volhynia, for the OUN UIA [Organization of Ukrainian Nationalists Ukrainian Insurgent Army], for Galicia, for Polesie and for historical lands," the web page read.
        The UIA and OUN were Ukrainian ultranationalist groups that fought for independence during the Soviet era, while Galicia, Volhynia and Polesie are areas from which they historically drew high levels of support.
        A statement from Ukraine's Ministry of Culture and Information Policy suggested that the text mentioned the groups and regions as a "way to conceal the "Russian footprint" by hackers."
        "It is obvious that this was done on purpose to cast a shadow over the hacker attack on Poland: Russia and its proxies have been working for a long time to create the quarrel between two friendly neighboring countries," the ministry added in a statement.
        The Security Service of Ukraine said in a statement that although "provocative messages were posted on the main page of these sites," the content of the sites was not changed, adding "the leakage of personal data, according to preliminary information, did not occur."
        The websites of the ministries of education, foreign affairs, sport, energy, agrarian policy, veterans, environment and the state emergency service of Ukraine and the state treasury were targeted, according to state media Ukrinform.
        The Ministry of Education and Science, whose official website is down, directed citizens to use the ministry's official social media channels on Friday while the issue is being resolved.
        The head of Ukraine's technical security and intelligence service Yuri Shchigol said almost 70 websites of central and regional authorities had been affected.
        "It appears that each of these sites was developed on behalf of the government of Ukraine by a Ukrainian firm named Kitsoft," said Matt Olney, director of threat intelligence and interdiction at Talos, the threat intelligence unit of technology giant Cisco, told CNN. "While obviously unfortunate, we do not see this event alone as indicating an increase or decrease of [cyber] risk in Ukraine," he added.
        Oleksandr Iefremov, the CEO of Kitsoft, said the firm was "actively involved in restoring" the government websites that it supports. Not all of the Ukrainian government websites affected by the hack run Kitsoft software, Iefremov said in a statement sent to CNN.
        "We test vulnerabilities, bugs, and update government websites that are supported by Kitsoft company in a timely manner," Iefremov said. "Unfortunately, not all the customers order website support, so we dіd not have access to them."
        While the Ukrainian government has suggested Russian involvement in the hack, outside experts say they cannot make that attribution without forensic evidence.
        Oleh Derevianko, founder of Kyiv-based cybersecurity firm ISSP, said he wasn't surprised by the defacement of government websites.
        "It's a good illustration how you can use a simple defacement attack as an informational operation tool when everyone is so nervous and agitated about potential invasion," he told CNN.

        Attacks add to an 'already tense s