95% of government websites affected by cyber attack restored

Within the relevant criminal proceedings, the SSU is investigating the cyber attack on state institutions and private enterprises on the night of January 14, 2022.

The investigators established that during the attack there was an unauthorized change in the pages of sites, and the IT-infrastructure of state authorities using products of the same developer was affected. The developer was also affected in the incident.

The attack used vulnerabilities of the website content management systems (OctoberCMS) and Log4j, as well as compromised accounts of the developer’s employees.

The attackers’ actions led to damaging MBR records (service information on the media required to access the data) on individual servers and user computers. This applies to both Windows and Linux.

Currently, the investigators are collecting digital evidence, analyzing malicious software and log files of the affected systems.

95% of sites affected by the cyber attack against state information resources have resumed operation.

The main cybersecurity entities (the SSU, the State Service of Special Communication and Information Protection and the Cyberpolice with the assistance from the Ministry of Digital Transformation of Ukraine) are investigating the incident and taking steps to respond to it.