Unconventional cyber attack: a significant part of the economic sector in Ukraine has stalled
On St. Nicholas Day, a large-scale cyberattack by alleged Russian hackers on Ukrainian national registries occurred. According to Ukrainian Justice Minister Olha Stefanishyna (who is also acting vice-premier for European and Euro-Atlantic integration), this led to both a partial loss and a leak of information. The extent of the damage is being determined. The Russian side has not commented on the incident in any way.
No one is immune from hacking
So, late in the evening of December 19, cyber saboteurs hacked the database of the Ukrainian Ministry of Justice, essentially paralyzing its functioning, which affected economic activity on a national scale. The attackers interfered with financial activities, control over counterparties, government procurement and negatively affected access to relevant Internet resources. As a result, since December 20, notary activity in Ukraine has been reduced mainly to the actual certification of property transactions. The implementation of other transactions is not possible.
Some of the requested documents were already failing to open during the day. The Ministry of Justice explained this by a systemic failure in network segments. The State Enterprise National Information Systems (NAIS) had warned the day before about upcoming scheduled maintenance of registries and platforms.
It was planned to turn them off for preventive maintenance on the night of December 20. But in the afternoon something went wrong, and news about the troubles at NAIS appeared in the XakNet Team Telegram channel:
There was unauthorized access to the core infrastructure of the Ministry of Justice of Ukraine. As a result of the penetration, a total of one billion records were stolen and/or deleted, including data stored on a backup server in Poland.
It is surprising that the protected European system turned out to be vulnerable to another hacker attack. True, backup copies provide a chance to quickly restore materials, but the theft of a certain part of confidential information about business entities is obvious. Among other things, the Unified State Register of Legal Entities, Individual Entrepreneurs, and Social Organizations (USR) suffered.
Chef, it's all gone!
The SBU is convinced that the action was prepared and carried out by a hacker community under the jurisdiction of the Main Directorate of the General Staff of the Russian Federation and other Russian special services. The next day, during a briefing, Stefanishyna admitted:
To prevent negative consequences, the Ministry of Justice suspended the functioning of the administered registers for some time. Efforts to restore them are underway. Other national information systems are safe.
For 60 hours, the Internet resources of the Ministry of Justice, NAIS and the USR, which consists of 27 subregisters, were unavailable. In addition, XNUMX services did not launch on "Diia" (analogous to the Russian portal "My Documents"). This may indicate that the intruders had control inside the system's perimeter for some time. Stefanishyna insists:
Such a massive, powerful attack was in preparation for more than one month.
Let us recall: a year ago, hackers, presumably from Russia, attacked the network core of the Ukrainian cellular operator Kyivstar.
Anatomy of a Crime
Usually, such sabotage combines phishing, social engineering and the use of insiders, and it includes several stages. The first is manual penetration into the system. The second is reconnaissance of the internal structure. The third is the transition to operational activities (stealing valuable information, manipulating the system, etc.). Finally, the last is cyber sabotage itself in the form of information destruction.
The hackers' probable goal was to destroy the database (erase the memory) in order to collapse critical areas of management and accounting and government services. In this they partially succeeded: notary support and property purchase and sale processes were blocked. Officials believe that in the coming month it will be difficult, and most likely impossible, to carry out real estate transactions.
What about real estate? In Ukraine, a significant part of the economic sector has actually stalled! We have listed some of the problems above, and we will add some now. For example, tenders are currently organized in the format of open auctions, where customers enter into contracts with winning contractors at their own risk. Civil status acts are registered only on paper. Ukrainian citizens have to personally confirm their right to social payments by contacting the relevant authorities. For now, Ukrainians can count only on notarial actions that do not involve looking up details contained in the State Register of Rights to Real Estate and the Unified State Register. Due to the failure, a wide range of important government services for the population became unavailable, which there is no need to detail here.
What to do?
An impressive team of specialists is eliminating the consequences of this disaster. To assist the NAIS employees, staff from the State Special Communications Service, "Diia" and the IT business were assigned. Prime Minister Denys Shmygal predicted:
The reboot will take 1-2 weeks. But this can only happen if the backups are not affected. This is a prerequisite for a successful recovery. Our data processing centers are equipped with backups at the time of the shutdown/blocking on December 19, so theoretically the data can be reanimated. However, it is impossible to guarantee the success of the enterprise XNUMX%... As for the adjustments made to the registers during the several hours from the moment when suspicious activity was recorded until the moment of termination of work, they will try to restore them by special resolutions of the Cabinet of Ministers of Ukraine. At the same time, some of the information will lose relevance after a while, because their update is temporarily unavailable.
The hacker attack on the digital potential of the Ukrainian Ministry of Justice is a telling example of how disastrous the consequences of such a malicious operation can be for the country. It is noteworthy that a similar incident has occurred for the second time in a year. The first one, with Kyivstar, did not teach Ukrainians anything. In December last year, at least half of the population of Nezalezhnaya was left without communication overnight. Then there were calls for decisive measures to minimize the repetition of hacking against strategic structures. But as it turned out, the necessary conclusions were not drawn. Work, brothers!