Key Ukrainian government websites were down early Thursday morning local time following a day in which Ukrainian agencies dealt with multiple cyberattacks and as concerns mounted over Russian troop movements into Ukraine’s separatist regions.
The websites of the Ukrainian Cabinet of Ministers, and those of the ministries of foreign affairs, infrastructure, education and others, were experiencing disruptions.
In a separate and potentially more serious hacking incident hours earlier, a data-wiping tool was found on hundreds of computers in Ukraine, according to cybersecurity researchers, raising concerns that a destructive cyberattack was unfolding amid Russia’s military escalation.
Taken together, the incidents represented an apparent escalation in cyberattacks on Ukrainian infrastructure as the US and its allies warned of an imminent Russian invasion in Ukraine and slapped sanctions on Russian banks and elites. In televised remarks, Russian President Vladimir Putin announced military action in Ukraine’s Donbas region Thursday morning, urging Ukrainian forces to lay down their arms and go home.
“We are aware of multiple commercial and government organizations in Ukraine impacted by the destructive malware today,” Charles Carmakal, senior vice president and chief technology officer for cybersecurity firm Mandiant, told CNN.
The hacking incidents came as United Nations Secretary-General António Guterres made an eleventh-hour appeal to Russia to curtail military action.
“If indeed an operation is being prepared, I have only one thing to say from the bottom of my heart: President Putin, stop your troops from attacking Ukraine,” Guterres told an emergency meeting of the UN Security Council on Wednesday night in New York. “Give peace a chance. Too many people have already died.”
US officials have warned that Russia will very likely use cyber operations in conjunction with military action in Ukraine. President Joe Biden said last month the US could respond with cyberoperations of its own if Russia conducts additional cyberattacks in Ukraine.
The website disruptions early Thursday in Ukraine followed news Wednesday afternoon of a cyberattack that temporarily knocked offline the websites of the Ukrainian parliament, Security Service and Cabinet of Ministers.
It wasn’t immediately clear who was responsible for the destructive hacking incident, or the website disruptions early Thursday morning. The Ukrainian government did not immediately respond to CNN’s request for comment.
The State Service of Special Communications and Information Protection of Ukraine said the cyberattacks on websites reported earlier Wednesday were “a continuation” of cyberattacks that hit Ukrainian government websites on February 15. The White House blamed Russia’s military intelligence agency, the GRU, for those hacks, which are known as distribute denial of service (DDoS) attacks because they overwhelm computer servers with phony traffic and knock websites offline. Russia’s embassy in Washington denied the accusation.
Of all the cyber incidents, though, the destructive data-wiping tool – known as “wiper” malware – had the potential to be the most impactful. Wiper malware typically deletes data from computers and renders them inoperable. That has the potential to hobble organizations trying to stay online in a conflict.
The hack hit at least one Ukrainian financial institution and two Ukrainian government contractors, one with a presence in Latvia and the other with a presence in Lithuania, Vikram Thakur, technical director at Broadcom’s cybersecurity unit Symantec, told CNN.
The malicious code affected “large organizations” in Ukraine, according to cybersecurity firm ESET, which has multiple clients in the country. The hacking tool appears to have been created two months ago, but “was deployed only today and we have seen it only in Ukraine,” said Jean-Ian Boutin, head of threat research ESET.
In the event of a larger conflict between Russia and Ukraine, US officials are concerned that transportation networks and broadcast media in Ukraine could be shut down by kinetic or cyberattacks, a senior Department of Homeland Security told state and local officials Tuesday.
The goal right now for Ukrainian government agencies and key business is resiliency in the face of waves of hacking. Some agencies have been able to come back online relatively quickly following the DDoS attacks last week. US and numerous allied governments, along with private-sector experts, are providing cybersecurity support to Ukraine on the ground and remotely.
“With a top-tier cyber power like Russia, you’re not going to keep them out 100%, so the goal is resilience,” Sen. Mark Warner, the Virginia Democrat who chairs the Senate Intelligence Committee, told CNN.
Asked if the US should conduct its own hacking operations in response to Russian activities in Ukraine, Warner said the US generally avoids “opening Pandora’s Box in terms of cyber escalation.”
“So far, that’s been the right approach,” Warner added. “But we’ve never seen this sort of circumstance where Putin is willing to unleash 190,000 troops” and threaten Kyiv, he added. “We don’t know what he’ll do in the cyber realm.”
This headline and story have been updated with additional reporting.
CNN’s Tim Lister in Kyiv contributed to this report.