Security News > 2022 > January > Massive Cyber Attack Knocks Down Ukrainian Government Websites

No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia.

"As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson, tweeted.

The Security Service of Ukraine, the country's law-enforcement authority, alluded to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the "Infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack."

Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS, which could be abused by an adversary to gain access to an account using a specially crafted request.

The breach targeted a number of government websites, including those for Ukraine's Cabinet, education, agriculture, emergency, energy, veterans affairs, and environment ministries, among others, 10 websites of which were "Subjected to unauthorized interference."

"The purpose of such attacks is to destabilize the internal situation in the country, as well as to sow chaos and disbelief in society," the Center for Strategic Communications and Information Security said, noting the hacks amount to "Psychological pressure and intimidation."

News URL

https://thehackernews.com/2022/01/massive-cyber-attack-knocks-down.html