Stay Updated on Developing Stories

Ukraine cyberattack is largest of its kind in country's history, says official

(CNN) A high-volume cyberattack that temporarily blocked access to the websites of Ukrainian defense agencies and banks on Tuesday was "the largest [such attack] in the history of Ukraine," according to a government minister.

Speaking at a press conference Wednesday, Ukrainian Minister of Digital Transformation of Ukraine Mykhailo Fedorov added that it is too early to tell who was responsible for the attack.

The so-called distributed denial of service (DDoS) attack -- which bombarded Ukrainian websites with phony traffic -- was coordinated and well planned, officials said.

DDoS attacks often disrupt access to IT systems, but their impact can be more psychological rather than having any direct effect on a country's critical infrastructure.

While down for parts of Tuesday, the websites of Ukraine's Ministry of Defense and Armed Forces, and those of two prominent banks, were back up Wednesday, according to CNN journalists in Ukraine. The DDoS attack, however, is ongoing, Ukrainian officials said.

The incident comes as Russia has massed an estimated 150,000 troops close to Ukraine's border, according to US President Joe Biden, and as US officials warn that a fresh Russian invasion could come at any time. Russia has denied it is planning to invade Ukraine.

The US government is investigating the cyberattack on Ukrainian websites, a top State Department official said Wednesday, while suggesting that Russia has a history of carrying out such hacks.

"But who is best at this, who uses this weapon all around the world? Obviously, the Kremlin," Undersecretary of State Toria Nuland said on CBS This Morning.

"While we're still investigating and doing forensics along with the Ukrainians, I think what's most important is that these cyberattacks were not very successful," Nuland said. She credited Ukrainian officials for responding quickly and helping the websites recover.

Internet traffic hitting Ukrainian websites during the DDoS attack was "three orders of magnitude more than regularly observed traffic," according to data collected by cybersecurity firm CrowdStrike.

Ninety-nine percent of the traffic involved a type of digital request to computer servers, "indicating the attackers were attempting to overwhelm Ukrainian servers," said Adam Meyers, CrowdStrike's senior vice president of intelligence.

A Ukrainian intelligence report recently obtained by CNN pointed to Russia's effort to destabilize "Ukraine's internal situation by using economic, energy, information, cyber, social, ethnic, and other tools."

Ukraine has concluded that Russia and Belarus were responsible for a separate cyberattack that hit government websites last month.

"As a result of a massive hacker attack on the night of January 14, 2022, the web pages of the Government of Ukraine" were shut down. The attacks were carried out by a group affiliated with the Russian and Belarusian special services," the Ukrainian intelligence report said.

Similarities in the infrastructure used in Tuesday's DDoS attack and the one last month suggest the incidents could be connected, Ukrainian officials said Wednesday.

In mid-January scores of Ukrainian government websites were targeted in a cyberattack with threatening text warning Ukrainians to "be afraid and wait for the worst," and alleging their personal information had been hacked.

Ukraine claimed Russia was most likely behind the attack, which affected the websites of the Ministry of Foreign Affairs and a number of other government agencies.

CNN's Jennifer Hansler and Kylie Atwood contributed to this report.
Outbrain