Ukraine ignores massive defacement of government website
A ‘massive’ cyberattack on Ukraine caught the world’s attention this morning as the country’s foreign ministry said its website, among other things, had been taken down by unidentified hackers.
The attack, which took place overnight, saw websites for the Department of Foreign Affairs, Cabinet Minister, Security and Defense Council, Treasury and many more defaced with messages telling Ukrainians that personal data had been stolen and that they should “be afraid and expect the worst”. “
Immediately the whole world thought of Russia; Vladimir Putin’s armed forces invaded and occupied Crimea in 2014 and, some say, are now policing the remaining part of the former Soviet nation. Until the recent unrest in Kazakhstan, a very large Russian military presence had been noted in eastern Ukraine, apparently poised to continue the invasion.
NATO Secretary General Jens Stoltenberg said: “I strongly condemn cyber attacks against the Ukrainian government,” adding that the alliance would soon strengthen its cyber cooperation with the Eastern European country.
Meanwhile, Ukraine itself withheld attribution, with a Foreign Ministry spokesperson telling Reuters news wire it was too early to say who was responsible – but adding that Russia had done similar things in the past.
It does not appear, from infosec industry sources or media coverage, that this was anything more than a headline-grabbing disfigurement; there is no mention of non-publicly accessible digital infrastructure being attacked or taken offline, and Ukraine’s security service later said no personal data was leaked. Analysts expect Russia to attempt to cripple digital communication networks as an immediate prelude to another invasion.
The attack reportedly targeted 15 websites in Ukraine that used October’s PHP-based content management system, and led to the degradation of websites. This included the Ministry of Foreign Affairs, Cabinet of Ministers, Treasury and others.
Ukraine’s CERT said the attackers got in by exploiting a months-old vulnerability in its Laravel-based CMS, OctoberCMS.
A summary of the vulnerability (rated 6.4 on the CVSS scale) explained that a reset of an account’s password could be exploited through a specially crafted request allowing attackers to take control of it.
Threat intelligence firm Cyjax, which combines information security interests with geopolitics, said “Russia is also suspected of responsibility due to the current situation in the region.”
The company’s CISO, Ian Thornton-Trump, said The register“With global tensions and other players not looking kindly on the G-7, NATO or the EU, there is always a chance that a cyber attack will be misattributed and become a false flag operation intended to heighten tensions.”
John Hultquist, head of intelligence analysis at Mandiant, said in a statement: “Massive damage to Ukrainian government sites is consistent with incidents we have seen in the past as tensions have increased in the region. From the invasion of Georgia in 2008 we saw a defacement of their Ministry of Foreign Affairs which juxtaposed the Georgian President to Hitler.As late as 2019, Sandworm, unit GRU 74455, carried out massive defacements in Georgia.
At the time of writing, the Ukrainian Foreign Ministry website was inaccessible, with connection requests timing out. The ministry said it would use social media to deliver key messages.
Currently, the Ministry’s Facebook and Twitter pages can be used to obtain official information from the ministry:
To contact the MFA on consular matters:
+38 (044) 238-16-57
Embassy contacts can be found on their social media pages pic.twitter.com/yGLwOxbZm1
— MFA of Ukraine 🇺🇦 (@MFA_Ukraine) January 14, 2022
“If it turns out it was the CMS vulnerability from October last year,” said Professor Alan Woodward from the University of Surrey. The register, “it makes you wonder why they hadn’t already fixed it with the available update.”
Professor Woodward added: “It is difficult to see this as an attack that is part of a prelude to war. However, with tensions so high, even minor actions could elicit a much more serious response: these things can escalate with frightening speed.
Over the past few months, Russia has deployed belligerent rhetoric about NATO expansion into what Putin considers Russia’s sphere of influence, apparently seeing this as something that applies to modern Russia. . Despite assurances from Western leaders and NATO commanders that Ukraine will not become an official member of the counter-Russian alliance, Russia continues to ask, ask and make laughable demands.
Russia maintains hacking units that have previously targeted the Ukrainian government; the FSB’s 16th and 18th Divisions were last seen pumping spam into the mailboxes of random organizations. Perhaps they have returned to their daily work. ®