Internet traffic collapsed in Ukraine on the morning of March 28. Ukrtelecom, one of the largest Internet Service Providers (ISPs) has explained that it is the victim of a massive cyberattack, of which the Russian origin is not in doubt. Service was gradually restored.
Details of the cyberattack were not released.
NetBlocks, a specialist in observing connectivity losses around the world, was one of the first to report the ” major internet disruptions ” in Ukraine. Alp Toker, director of the organization, told Forbes than ” gradual loss of connectivity indicated it was not a power or cable outage “.
Kaspersky, China Mobile and China Telecom are security threats to the FCC
⚠️ Confirmed: A major internet disruption has been registered across #Ukraine on national provider #Ukrtelecom; real-time network data show connectivity collapsing to 13% of pre-war levels; the provider reports issues assigning new sessions
? Background: https://t.co/S0qJQ7CbNv pic.twitter.com/BY2OOBK0m6
—NetBlocks (@netblocks) March 28, 2022
Later that day, the Special Service for Communications and Information Protection of Ukraine (SSSCIP) confirmed on social media, “ Today the enemy launched a powerful cyberattack against the IT infrastructure of Ukrtelecom “.
Today, the enemy launched a powerful cyberattack against #Ukrtelecom ‘s IT-infrastructure. According to Yurii Shchyhol, the Chairman of the @dsszziat the moment massive cyberattack against #Ukrtelecom is neutralized. Resuming services is under way. #Ukraine #CyberAttack #war
— SSSCIP Ukraine (@dsszzi) March 28, 2022
Details of the attack were not released. Toby Lewis, head of threat analysis at Darktrace, a cyberattack firm, forwarded to digital century the hypothesis ” that it is a supply chain attack where endpoints, such as home routers, are slowly taken out of service. A similar attack had been carried out against ViaSat on the day the invasion began, and previously with Solarwinds’ Orion campaign, where the real damage only occurred after malicious updates or configuration changes were rolled out at within customer systems “.
The SSSCIP explained in the aftermath that the attack had been repelled, without the connection being immediately restored for Ukrtelecom customers, “ In order to preserve its network infrastructure and continue to provide services to the Armed Forces of Ukraine and other military formations “. NetBlocks confirmed the relatively normal resumption of activity 15 hours after the first loss of connectivity from ISP customers.
Since the beginning of the invasion of Ukraine by Russia on February 24, it seems to be the most important cyberattack that has affected the country. Forbes reports that a similar incident, which occurred in early March, affected a smaller telecommunications company, Triolan.
Ukraine’s cyberspace relatively spared
Ukraine’s CERT, the cyberattack response team reported last week 60 different incidents since the Russian offensive began. Eleven targeted the government and local authorities, the army and the police. CERT states that “ Despite the growing number of attacks, most of them come to nothing “.
Many observers point out that the cyberwar in Ukraine is less intense than feared. Some caution is in order, however, as it is likely that not all offensives in cyberspace will be disclosed. Nevertheless in a large part of Ukraine fixed and mobile Internet still works, although, according to Ukrtelecom, connectivity has dropped by 16% compared to its level before the conflict.