SSU investigates Russian involvement in cyber attacks on Ukrainian government websites

The SSU, together with the State Service of Special Communication and Information Protection and the Cyber ​​Police, is investigating the cyber attack on government websites on the night of January 14, 2022.

Overall, more than 70 state websites were attacked, with unauthorized interference into 10 of them.

The content of the sites was not changed, and no personal data was leaked.

Our specialists, together with the administrators of the ministries and institutions, have restored the operation of most resources.

Upon the SSU initiative, a number of critical state resources were temporarily suspended, including Diia e-governance portal, to localize the technical problem and to prevent the spread of the attack. The Diia mobile app was and is fully operational.

The information in the media that hackers exploited a specific vulnerability of the content management system was just one of the versions that was investigated.

Now, at the end of the day, we can say with high probability that, among other things, there was the so-called supply chain attack. The attackers hacked the infrastructure of a commercial company that had access with administrative rights to the web resources affected.

The important task was to establish the method of implementing the attack, collect digital evidence, as well as to restore functionality of web resources.

Over the weekend, experts will continue to investigate in order to establish the entities, individuals behind the crime. All details of the event are documented within the criminal proceedings opened by the SSU.

At present, we can say that there are certain signs indicating involvement of hacker groups associated with Russian special services in the incident.