Ukraine’s Ukrtelecom Suffers Outage After Cyberattack

Ukraine - Shutterstock - © Mykhaylo Palinchak

Major internet disruption in Ukraine this week, after ‘nation-scale’ cyberattack on national telecoms provider Ukrtelecom

The most severe cyberattack in Ukraine since Russia invaded the country, has resulted a major internet outage at telecom giant Ukrtelecom.

According to internet monitoring service NetBlock on Monday, a “major internet disruption has been registered across #Ukraine on national provider #Ukrtelecom; real-time network data show connectivity collapsing to 13% of pre-war levels; the provider reports issues assigning new sessions.”

NetBlock issued an update on Tuesday, in which it said Ukrtelecom confirmed it was a “nation-scale disruption to service, which is the most severe registered since the invasion by Russia.”

Ukrtelecom outage

Ukrtelecom claims to Ukraine’s largest provider of fixed-line internet in terms of geographical coverage, but rival Kyivstar has more customers.

The outage at Ukrtelecom lasted 15 hours, before Ukraine officials said they repelled the cyberattack.

“Today, the enemy launched a powerful cyberattack against Ukrtelecom’s IT-infrastructure,” Yurii Shchyhol, chairman of the State Service of Special Communication and Information Protection of Ukraine was quoted by Reuters as saying.

“The attack was repelled. And now Ukrtelecom has an ability to begin restoring its services to the clients,” he said.

“Currently, the attack is repulsed, the provision of services is gradually resumed,” Ukrtelecom spokesperson Mikhail Shuranov was quoted as saying.

Telecom targets

One security expert warned that telecom providers will be targetted in the weeks ahead.

“Telecommunications providers will inevitably be targeted under the premise of attempting to wipe out communications as a war tactic,” said Jake Moore, global cyber Security advisor at ESET.

Jake Moore, ESET

“Digital battles continue to cause havoc and place unnecessary pressures on vital lines of communications which are likely to increase in precision as time goes on,” said Moore.

“The collateral and wider damage caused by the outage highlights the level of persistency used in these attacks where only one strike needs to get through from the thousands of attempts to cause this level of disruption,” Moore concluded.

Ukraine attacks

Until now security experts have been somewhat surprised at the lack of large-scale cyberattacks in the region, during Russia’s unprovoked invasion of its neighbour.

That said before the invasion began, there were a number of cyberattacks as Russia amassed huge numbers of troops on the border.

In January Ukraine suffered a cyberattack that impacted at least 70 government websites, as well as the US, UK and Swedish embassies.

Then a week before the invasion, a huge denial-of-service (DDoS) cyberattack hit Ukraine’s Ministry of Defence, as well as two local banks.

Infrastructure resilience

During the heavy fighting, Ukraine’s communication infrastructure has remained mostly online.

But Ukraine’s State Service of Special Communication and Information Protection, which is responsible for the country’s cyber-security, said this was no surprise considering the steps Ukraine took to harden its communication infrastructure.

“They have done a great job creating backup fiber-optic communication channels,” noted SSSCIP head Yuriy Shchygol. “That is why it is impossible to destroy the entire system by cutting the cable.”

“Our mobile operators have reported considerable efforts to ensure stable operation of the networks,” said Shchygol. “Over the past two years significant investments and substantial sums were made to reserve the lines and ensure their most rapid renovation.”

“So now, thanks to the hard work of all those involved in the refurbishment process, and thanks to the operators and volunteers who work under the gunfire, and ensure the stable functioning of this extraordinarily complex system,” said Shchygol.

“The enemy will not give up its plans to destroy the Ukrainian communications infrastructure, because it is an important component of truthful information about what is happening in the country, including temporarily occupied territories,” warned Shchygol.

“One of the first tasks for the occupier is to eliminate the possibility of providing objective information to the population,” said Shchygol. “That is why they disable TV channels, conduct cyber attacks on media and information resources.”

“We have a number of cities that are currently without telecommunications,” Shchygol admitted. “Last night Berdyansk and Melitopol were left without connection for an hour. However, the government together with the operators is taking all possible steps to restore mobile networks and Internet access.”