Threat actors defaced Ukrainian government websites

Pierluigi Paganini January 14, 2022

Threat actors defaced multiple Ukrainian government websites after talks between Ukrainian, US, and Russian officials hit a dead this week.

Threat actors have defaced multiple websites of the Ukrainian government on the night between January 13 and January 14. The attacks were launched after talks between Ukrainian, US, and Russian officials hit a dead end on Thursday.

The attackers deleted the content of multiple websites, including the Ukrainian Ministry of Foreign Affairs, Ministry of Education and Science, Ministry of Defense, the State Emergency Service, and the Cabinet of Ministers.

Defaced websites were displaying the following message in Russian, Ukrainian and Polish languages.

“Ukrainian! All your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered. All information about you stab (public, fairy tale and wait for the worst. It is for you for your past, the future and the future. For Volhynia, OUN UPA, Galicia, Poland and historical areas.” reads a translation of the message.

Ukrainian Government is investigating the attack, but intelligence experts speculate the offensive was launched by Russia-linked actors. The Ukrainian government has yet to officially attribute the attacks to any nation-state actor.

According to journalist Kim Zetter, attackers apparently exploited a vulnerability in the October CMS tracked as CVE-2021-32648, a news later confirmed by the national CERT.

“On the night of January 13-14, a number of government websites, including the Ministry of Foreign Affairs, the Ministry of Education and Science and others, were hacked. Provocative messages were posted on the main page of these sites. The content of the sites was not changed and the leakage of personal data, according to preliminary information, did not occur.” reads the advisory published by CERT-UA “According to the results of processing possible attack vectors, the use of the October CMS vulnerability by attackers is not excluded:”

Ukrainian CERT states personal data was not stolen by attackers.

The CERT-UA provided recommendations on how to recover the compromised websites.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ukrainian government websites)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment