Government and private websites in Ukraine have been knocked offline in a massive distributed denial-of-service attack as Russian troops move into contested areas in the east of the country.

Websites knocked offline included the Ukraine Ministries of Foreign Affairs, Defense and Internal Affairs, the Ukraine Security Service and the Cabinet on Ministers. Two banks, Privatbank and Oschadbank, were also taken offline.

“Today, websites of a number of government and banking institutions have undergone a massive DDoS attack again,” the State Service of Special Communication and Information Protection of Ukraine said in a statement. “Some of the attacked information systems are not available or work intermittently.”

Whether Russia has invaded Ukraine as yet is subject to interpretation. Russian forces have moved into areas of Denetsk and Luhansk, within Ukraine’s internationally accepted borders that rebel groups have held since 2014. Russia claims that the troops have entered the breakaway regions as part of a peacekeeping mission, while others claim it counts as an invasion of Ukraine. Other reports say that the troop movements are a prelude to a full-blown invasion.

Whatever the next step may be, Russia was always likely to attack Ukrainian websites ahead of a possible invasion. Similar DDoS attacks also targeted Ukrainian websites last week.

“This DDoS attack on Ukrainian government agencies and two of the largest state-owned banks follows right on the heels of last week’s attack on the same entities as tensions between Russia and Ukraine escalate,” Nick Tausek, security automation architect at low-code security automation provider Swimlane Inc., told SiliconANGLE. “The Ukraine Security Service website was also impacted after having issued a press release stating that the country is being targeted by a ‘massive wave of hybrid warfare.’

The attacks show the potential of state actors aiming to impose disruption and fear, Tausek added. “The increased risk of malicious cyber activity in the U.S. and around the world due to Russia-Ukraine tensions should encourage security teams to invest in and prioritize their routine cybersecurity practices,” he said.

Chester Wisniewski, principal research scientist at security software and hardware company Sophos Group plc, noted that false flags, misattribution, disrupted communications and social media manipulation are all key components of Russia’s information warfare playbook.

“They don’t need to create a permanent cover for activities on the ground and elsewhere, they simply need to cause enough delay, confusion and contradiction to enable other simultaneous operations to accomplish their objectives,” Wisniewski explained. “The misinformation and propaganda will soon reach a fever pitch, but we must keep our nose to the ground, batten down the hatches and monitor for anything unusual on our networks as the conflict cycles ebb and flow and even when or if they end soon.”

Photo: Ministry of Defense of Ukraine/Flickr