Ukraine alleges Russia launched cyberattack as latest tactic in 'hybrid war'

Ukraine said Sunday that Russia was behind a cyberattack that defaced its government websites. Meanwhile, the Canadian government is urging people to avoid non-essential travel to Ukraine, in a new advisory citing "Russian aggression."

Canada advises against non-essential travel to Ukraine due to 'Russian aggression'

A laptop screen displays a warning message in Ukrainian, Russian and Polish that appeared on the official website of the Ukrainian Foreign Affairs Ministry after a major cyberattack launched on Thursday. (Valentyn Ogirenko/Illustration/Reuters)

Ukraine said Sunday that Russia was behind a cyberattack that defaced its government websites and alleged that Russia is engaged in an increasing "hybrid war" against its neighbour.

The statement from the Ministry of Digital Development came a day after Microsoft said dozens of computer systems at an unspecified number of Ukrainian government agencies had been infected with destructive malware disguised as ransomware. That disclosure suggested the attention-grabbing defacement attack on official websites last week was a diversion.

"All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces," the ministry statement said.

The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense standoff appear stalled.

In an interview with CBC News, published Sunday, NATO Secretary General Jens Stoltenberg described Russia as "the aggressor." He said it was up to Russia to de-escalate and that NATO was willing to sit down again and listen to Moscow's concerns.

Russia denies plans to attack Ukraine but says it could take unspecified military action unless its demands — including a promise by the NATO alliance never to admit Kyiv — are met.

Canada warns against travel

The Canadian government is urging people to avoid non-essential travel to Ukraine, in a new advisory citing "Russian aggression."

Moscow has stationed more than 100,000 troops near the border with Ukraine, and the United States said on Friday it feared Russia was preparing a pretext to invade if diplomacy failed to meet its objectives.

"We have changed the risk level for Ukraine to avoid non-essential travel due to ongoing Russian aggression and military buildup in and around the country," the Canadian government said in a travel advisory issued late Saturday.

Canada, with a sizable and politically influential population of Ukrainian descent, has taken a hard line with Russia since its annexation of Crimea from Ukraine in 2014.

Foreign Affairs Minister Mélanie Joly is to visit Kyiv this coming week to reaffirm Canada's support for Ukrainian sovereignty and reinforce efforts to deter "aggressive actions" by Russia, Ottawa said earlier. She will meet Ukrainian Prime Minister Denys Shmyhal and travel to the west of the country to speak to a 200-strong Canadian training mission that has been there since 2015.

Dozens of government websites affected

Microsoft said in a short blog post on Saturday that it first detected the malware on Thursday. That would coincide with the attack that simultaneously took some 70 Ukrainian government websites temporarily offline.

In a different, technical post, Microsoft said that the affected systems "span multiple government, non-profit, and information technology organizations." It said it did not know how many more organizations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.

A top private-sector cybersecurity executive in Kyiv, Oleh Derevianko, told The Associated Press that the intruders penetrated the government networks through a shared software supplier in a supply-chain attack like the 2020 SolarWinds Russian cyberespionage campaign that targeted the U.S. government.

Major cyberattack in 2017

In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10 billion in damage globally. That virus, also disguised as ransomware, was known as a "wiper" that erased entire networks.

In Friday's mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.

The message told Ukrainians to "be afraid and expect the worst."

With files from Reuters