KYIV. Feb 16 (Interfax) - The DDoS attacks on the websites of a number of Ukrainian banks and government institutions on February 15 were intended to have more of a psychological and informational effect than a destructive one, Ukrainian National Security and Defense Council Deputy Secretary Serhiy Demedyuk said.
"The National Bank of Ukraine, as one of the cybersecurity pillars, did excellently, and we had no financial losses," Demedyuk said at a press briefing in Kyiv on Wednesday.
"We qualify this DDoS attack as an informational-psychological one. Not as a destructive one, as it didn't damage infrastructure, but one targeted solely at the population: to show the absence of access to electronic information resources offered by the state and financial institutions," Demedyuk said.
There were reports as early as on the morning of February 15 that numerous citizens, mainly military service members and law enforcement officials, started receiving text messages informing them that cash machines would stop working later in the day.
"This was a coordinated attack, so as to have ordinary people themselves start helping the offenders wage a passive DDoS attack on the resources by checking their assets, making sure whether everything was working, and withdrawing cash," Demedyuk said.
"No losses, damage, or theft has taken place. The financial system is stable, the energy sector is operating without interruption, and everyone is working in stable mode," he said.
When the website of a government organization is not working, "this does not [always] mean that something isn't working [...] sometimes it's done on purpose in line with the protocols, where resources are disconnected in order to monitor and promptly detect, neutralize, or contain an attack," he said.
Meanwhile, a senior official with the Ukrainian Security Service said a criminal case has been opened into the February 15 DDoS attacks. While it is too early to name possible perpetrators, foreign special services could be seen behind them, he said.
Illia Vityuk, chief of the Security Service's cybersecurity department, said at a press briefing in Kyiv on Wednesday, "We've recorded these cyberattacks yesterday and today. We are carrying out criminal proceedings along with the Prosecutor General's Office into the establishment of a criminal organization by special and intelligence agencies of foreign special services to commit unauthorized interference with computer and IT systems of government bodies and other organizations and establishments."
He said it was too early to speak about specific perpetrators. "It takes a long time, and it's complicated work to deal with crimes of this type," he said.
"This attack may cost up to a million U.S. dollars. An individual hacker or group of hackers can't afford to spend that much money. Such attacks are carried out by states via their special services or special infrastructure," Vityuk said.
"We clearly see a trail of foreign special services here. And there is some similarity between yesterday's and today's attack and those committed on [February] 13 and 14," he said.
As reported earlier, a massive DDoS attack on a number of Ukrainian banking and government web resources was recorded in the afternoon on February 15, 2022. In particular, the websites of the Ukrainian Defense Ministry and Armed Forces were attacked, and some of PrivatBank's and Oschadbank's online services were disrupted. The operations of the online banking services were resumed by 7:30 p.m. on February 15.
Ukrainian Deputy Prime Minister and Digital Transformation Minister Mykhailo Fedorov said on Wednesday that Ukraine saw the largest DDoS attack on government and banking websites in its history on February 15. He said the attack had been prepared in advance and cost "millions of US dollars."
"The goal was to destabilize the situation and incite panic," Fedotov said.
Viktor Zhora, deputy chief of the Ukrainian State Service for Special Communication and Information Protection (SSSCIP), said earlier in the day that the relevant Ukrainian agencies were keeping the ongoing DDoS attack on a number of government web resources under control. "The situation is fully under control now, and the attack is continuing. The average capacity of the attack being recorded by the SSSCIP's Protected Internet Access System is reaching dozens of gigabytes per second," Zhora said.
The SSSCIP is recording a variety of cyberattack techniques, including SYN-ACK Flood, UDP-Flood, as well as BGP hijacking and DNS Amplification, and their diversity proves that they were well coordinated, and yet Ukraine is completely capable of countering them, he said.