Advertisement

Ukrainian telecom, government blame cyberattack for most severe disruption since Russian invasion

The disruption targeted a large service provider in what might be the latest in a string of ongoing intentional internet disruptions.
(audriusmerfeldas/Getty Images)

One of Ukraine’s key internet service providers suffered a significant outage Monday, with both the Ukrainian government and the company blaming a cyberattack.

“Today, the enemy launched a powerful cyberattack against Ukrtelecom’s IT-infrastructure,” Yurii Shchyhol, the Chairman of the State Service of Special Communication and Information Protection of Ukraine said in a statement to reporters Monday.

When asked if “enemy” referred to Russia, he declined to comment.

Shchyhol said the attack had been repelled thanks to the work of specialists from the SSSCIP Ukraine.

Advertisement

Urktelecom’s CEO Yuriy Kurmaz confirmed in a LinkedIn message that the company is in the process of restoring service to all users. The company temporarily shut down service or private users and business customers in order to stop disruption to service for military forces and critical infrastructure, he said.

NetBlocks, a London-based internet accessibility advocacy group that monitors access around the world, tweeted Monday morning U.S. time that connectivity for Ukrtelecom dropped to 13% of pre-war levels as part of an “ongoing and intensifying nation-scale disruption to service, which is the most severe since the invasion by Russia.”

Isik Mater, the director of research at NetBlocks, told CyberScoop that the disruption is the most severe attack on the company — not all of Ukraine’s internet access — since the start of the invasion.

“But going by the public response it is also potentially the most impactful incident more generally,” she said, noting that the Ukrtelecom Facebook page was inundated with more than 1,000 complaints about connectivity.

The main website for the company remained inaccessible as of 2:50 p.m. ET U.S. time.

Advertisement

Connectivity for Ukrtelecom customers declined over a five-hour period beginning at about 11 a.m. local time in Ukraine, according to Doug Madory, the director of internet analysis at Kentik.

Ukrtelecom is seventh among Ukrainian telecom providers in terms of their volume of traffic, Madory added in a subsequent tweet. But also one of the key providers in rural parts of the country.

Ukrainian networks have been targeted by Russian government hackers for years. The activity intensified ahead of the Feb. 24 Russian military attack, including wiper malware designed to destory data, website defacements, DDoS attacks and an attack on modems provided by U.S. company Viasat targeting Ukrainian communication networks that’s spilled into other countries. As part of regular briefings with international reporters, Zhora has described ongoing hacker efforts to target Ukrainian logistics and humanitarian efforts amid ongoing DDoS disruptions.

Updated 3/28/22: with additional information from Ukrtelecom and SSSCIP Ukraine.

Russia declared war against Ukraine on Feb. 24., 2022. Before, during and after the military campaign began, the CyberScoop staff has been tracking the cyber dimensions of the conflict.

This story was featured in CyberScoop Special Report: War in Ukraine

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts