Summary: Ukraine’s Ministry of Justice has faced its largest cyber-attack, attributed to a Russian GRU-affiliated hacker group, prompting a criminal investigation by the Security Service of Ukraine (SSU). The attack has temporarily disrupted critical state registers, with efforts underway to restore services and enhance cybersecurity measures.
Threat Actor: GRU Hacker Group | GRU
Victim: Ministry of Justice of Ukraine | Ministry of Justice of Ukraine
Key Point :
- Cyber-attack attributed to Russian intelligence services, specifically a GRU hacker group.
- Temporary suspension of the Unified and State Registers due to the attack.
- SSU is coordinating efforts to repel the attack and restore systems.
- First registers to be restored include civil status acts and legal entities.
- Estimated recovery time for initial services is up to two weeks.
Ukraine’s state registers, operated by the Ministry of Justice, have suffered their largest cyber-attack, with the Security Service of Ukraine (SSU) opening a criminal investigation into the incident, which it has attributed to Russia.
The SSU has established that a hacker group affiliated with the main intelligence directorate of the general staff of the Russian armed forces (GRU) was involved in the cyber-attack.
Meanwhile, Olga Stefanishyna, Deputy Prime Minister for European and Euro-Atlantic Integration of Ukraine and Minister of Justice, also called out Russia as the perpetrator of the attack in a post on Facebook on December 19.
βIt’s already clear that the attack was made by the Russians in order to disrupt the work of the critically important infrastructure of the state.β she said.
βThe enemy is trying to use this situation in his intelligence operations to sow panic among citizens of Ukraine and abroad.β
Russia has not commented on the claim.
As a result of a targeted attack, the work of the Unified and State Registers, which are in the jurisdiction of the Ministry of Justice of Ukraine, has been temporarily suspended.
Stefanishyna said that work is being coordinated with the internal team and specialists from other services to countering the cyber-attack and restoring systems.
The SSU Cyber Security Department has been involved in efforts to contain the attack.
βOverall, we are working in three areas: repelling the attack, restoring the infrastructure and documenting this war crime. The main line of enquiry is that Russian intelligence services, in particular a GRU hacker group, is behind this cyberattack,β said acting Head of the SSU Cyber Security Department Volodymyr Karastelyov during a joint briefing with Stefanishyna.
According to the preliminary assessment, there are no threats of functioning to other resources.
After full recovery, a thorough analysis of the attack will be carried out together with the profile authorities to strengthen protection against similar interventions in the future.
βWe are keeping the situation under control and doing everything necessary to restore all services as soon as possible,β Stefanishyna said.
The first registers to be restored will be:
- The State Register of Civil Status Acts of Citizens
- The only state register of legal entities and individuals of entrepreneurs
- State register of rights to real estate and their burdens.
Stefanishyna said the time of the first renewal will be approximately up to two weeks.
Source: https://www.infosecurity-magazine.com/news/ukraines-probes-gru-linked