The so-called Russian hacktivists associated with the Russian Federation’s General Staff Directorate (formerly known as GRU) continue to carry out complex attacks against Ukraine, combining cyberattacks and information and psychological operations.
Today, the official Facebook page of the State Statistics Service of Ukraine posted a message about a cyberattack that allegedly made it impossible to provide statistical data to Ukrainian government agencies, “complicated the provision of assistance to tax authorities” and led to “the suspension of the provision of statistical data related to the economy, demography, employment and labor migration to the General Staff of the Armed Forces of Ukraine.”
The message was immediately posted on the Telegram channel of one of the Russian “hacker groups”. This channel has been repeatedly used as a platform for disinformation campaigns by Russian intelligence agencies.
The publication about the cyberattack and its “consequences” appeared as a result of compromising the official Facebook page of the State Statistics Service. Access to the page has now been restored and the post has been deleted.
Was there an attack?
The government’s computer emergency response team CERT-UA, which operates as part of the State Special Communications Service, and the State Statistics Service of Ukraine confirm that the attack on the State Statistics Service’s information resources took place. However, its results are significantly exaggerated. In particular, it can now be stated that the State Statistics Service’s information resources were not affected by the incident. The data processed on the resources of the Service, the server equipment of the State Statistics Service, as well as the information and communication infrastructure, were not affected. The Service is also able to continue providing statistical data.
According to preliminary data, several work computers of State Statistics Service employees were affected as a result of the attackers’ attempt to carry out a ransomware attack. One of them was used to gain access to the Service’s Facebook page.
It is also worth noting that the activities of the State Statistics Service of Ukraine do not include “assisting tax authorities” or “providing the General Staff of the Armed Forces of Ukraine with statistical data related to the economy, demography, employment and labor migration”.
Containing the consequences
Currently, a team from CERT-UA and the SCCC of the SSU’s DCIB is at the facility to contain the consequences of the incident and establish the extent of the penetration and destructive actions. The corporate network has been disconnected from the Internet, and response measures and further steps to overcome the consequences of the incident are under way.
Separately, the SBU is studying the issue of collecting evidence to document Russian aggression within the framework of the relevant criminal proceedings.
The official website of the State Statistics Service has been temporarily suspended.
Ukraine’s cyber defense actors perceive this attack as another episode of Russia’s hybrid war against Ukraine and once again call on responsible employees of organizations not to ignore reports of signs of anomalous activity and to take immediate measures to reduce the attack “surface”.