Dive Brief:
- Ukraine’s cybersecurity authorities are responding to a series of breaches spanning multiple government websites using backdoors that were installed in the final weeks of 2021.
- The discovery and response to the attacks come as Russia’s invasion of Ukraine hits the one-year mark. “It is safe to say that the incident has not caused any essential system failures or disruptions in the operation of the public authorities,” the State Service of Special Communications and Information Protection of Ukraine said in a statement Thursday.
- The Cybersecurity and Infrastructure Security Agency did not respond to questions about the breaches on websites for central and local authorities in Ukraine. The agency did issue an alert warning that the U.S. and European nations may experience cyberattacks around the anniversary of Russia’s 2022 invasion of Ukraine.
Dive Insight:
The war in Ukraine raised awareness of cyber risk across governments and companies. For security stakeholders, the physical war was expected to spill over into cyberspace.
But in the early weeks of the war, top U.S. national security and law enforcement officials said they were tracking a surprisingly limited number of cyberattacks in Ukraine. CISA in July formalized closer cooperation with Ukraine's SSSCIP.
The SSSCIP said the incident hasn’t resulted in any essential system failures or disruptions. “Operation of most of the information resources has been recovered already, and they are running and available as usual,” the agency said.
The Computer Emergency Response Team of Ukraine said it detected a previously known encrypted web shell on a government site on Wednesday. The web shell was created and used to download a PHP backdoor no later than Dec. 23, 2021, according to CERT-UA.
“Based on the set of signs, we can make a preliminary conclusion that the violation of the normal operation mode of the investigated web resources was carried out by the UAC-0056 group,” CERT-UA said in a statement, according to a translation. The Russian state-sponsored threat actor is also tracked as Ember Bear or UNC2589.