Ukrainian authorities will review the defenses of government computer systems, including at airports and railway stations, after a cyber attack on Kyiv’s main airport was launched from a server in Russia, officials said yesterday (18 January).
Malware similar to that which attacked three Ukrainian power firms in late December was detected last week in a computer in the IT network of Kyiv’s main airport, Boryspil. The network includes the airport’s air traffic control.
Although there is no suggestion at this stage that Russia’s government was involved, the cyber attacks have come at a time of badly strained relations between Ukraine and Russia over a nearly two-year-long separatist conflict in eastern Ukraine.
“In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry,” said Irina Kustovska, a spokeswoman for Ukraine’s infrastructure ministry, which oversees airports, railways and ports.
Ukraine’s state-run Computer Emergency Response Team (CERT-UA) issued a warning on Monday of the threat of more attacks.
“The control center of the server, where the attacks originate, is in Russia,” military spokesman Andriy Lysenko said by telephone, adding that the malware had been detected early in the airport’s system and no damage had been done.
A spokeswoman for the airport said Ukrainian authorities were investigating whether the malware was connected to a malicious software platform known as “BlackEnergy”, which has been linked to other recent cyber attacks on Ukraine. There are some signs that the attacks are linked, she said.
“Attention to all system administrators … We recommend a check of log-files and information traffic,” CERT-UA said in a statement.
In December three Ukrainian regional power firms experienced short-term blackouts as a result of malicious software in their networks. Experts have described the incident as the first known power outage caused by a cyber attack.
A US cyber intelligence firm in January traced the attack back to a Moscow-backed group known as Sandworm.
The 23 December outage at western Ukraine’s Prykarpattyaoblenergo cut power to 80,000 customers for about six hours, according to a report from a US energy industry security group.
Ukraine’s SBU state security service has blamed Russia, but the energy ministry said it would hold off on attribution until after it completes a formal probe.