Booking and some services in "Dii" are unavailable. Here's what we know about the large-scale cyberattack on Ukraine.
Ukraine has experienced one of the most extensive cyberattacks in recent times. Russian hackers are behind this attack, which has disrupted several services, including the "Dія" app, raising concerns about data leaks.
RBC-Ukraine reports on what is known about the cyberattack and when the consequences will be addressed.
Cyberattack on December 19: What Happened
Issues with network infrastructure began yesterday morning. As a result, registries under the jurisdiction of the Ministry of Justice of Ukraine were inaccessible, along with the call center and the websites of the Ministry of Justice and the State Enterprise "National Information Systems" (which manages the registries).
Amidst this, there were numerous complaints regarding problems with the "Резерв+". The mobile app took a long time to load, and users were unable to log in or access services. The Ministry of Defense reported a technical failure.
Later, the single government services portal "Dія" announced the suspension of registries, resulting in the unavailability of services related to the Unified State Register of Legal Entities, Individual Entrepreneurs, and public formations, as well as registries of civil status acts, property rights, and encumbrances on movable property.
The cause was attributed to updates in the Ministry of Justice registries and technical work by NAIS. At that time, NAIS also noted that government registries would be inaccessible at least until the end of the day.
Late in the evening, the Deputy Prime Minister for European and Euro-Atlantic Integration, Justice Minister Olha Stefanishyna, announced that this was the largest cyberattack in recent times.
"It is now clear that the attack was carried out by Russians with the aim of disrupting the operation of the state's critically important infrastructure," - she noted.
According to her, there was no threat to other resources (outside the Ministry of Justice). The time frame for initial updates will be approximately up to two weeks, and a thorough analysis of the attack will be conducted after full restoration.
Prior to this, a message appeared on the Telegram channel of the Russian hacker group XakNet Team claiming the hacking of "National Information Systems" (NAIS) and the downloading of all databases from the Unified Register of Legal Entities and Individual Entrepreneurs. Following this, hackers reportedly breached the infrastructure containing data from the Ukrainian Ministry of Justice and allegedly downloaded databases containing a billion rows. Additionally, they supposedly deleted all information, not only from there but also from servers abroad where backup copies were stored.
Booking, "Dія," and More: Which Services Are Unavailable
As of midday on December 20, the NAIS website, the Ministry of Justice, the Unified State and government registries (about 60 different registries) are still not operational.
"Dія" was immediately disconnected from the registries as soon as the cyberattack was detected. It was not affected; everything was quickly localized," - Prime Minister Denys Shmyhal stated during the questions to the government session in the Rada.
Currently, more than 20 services in the "Dія" app are temporarily unavailable. Specifically, services such as employee booking, business registration, online marriages, property rights registration, vehicle re-registration, "єВідновлення," "єОселя," and many others are not functioning. The complete list is available via this link.
Some services are partially operational. The Ministry of Internal Affairs service centers have suspended services for changing vehicle ownership, but they are conducting initial registrations, processing gas equipment installations, and users can order license plates, take exams, and request driver’s license replacements.
Russian propaganda is spreading fake news claiming that access to the databases of the TCC is allegedly blocked due to the hacker attack. The Center for Counteracting Disinformation under the National Security and Defense Council asserts that access to the "Oberih" database has not been lost, and the "Резерв+" app is operational.
Deputy Defense Minister for Digitalization Yekaterina Chernogorenko stated that the systems "Oberih," "Army+," and "Резерв+" are functioning continuously.
"The services are working without failures. Electronic reports and documents remain accessible. However, we currently have a large number of requests in the queue, so the wait time for documents in "Резерв+" may take a bit longer than usual," - she noted.
The only temporary limitation is that the receipt of deferrals from mobilization in "Резерв+" has been suspended. Those that were previously obtained remain valid and are displayed correctly in the app.
Despite the disruptions, all departments of the State Registration of Civil Status Acts are operating as usual. The registration of births, deaths, marriages, and divorces is proceeding under normal procedures based on previously submitted applications. However, all certificates issued during the period of registry issues will need to be obtained again if apostilles are required.
"All social payments associated with the occurrence of certain civil status acts are made based on the corresponding applications and will also be processed after the registries are restored," - said Olha Stefanishyna.
According to her, all notarial actions that do not require access to the registries for data verification will be carried out by state and private notaries on paper. The registration and cancellation of wills, termination of inheritance agreements, and several other services are conducted without access to the registries.
When Will the Registries Be Restored
At this stage, work is underway to restore the registries. "All data that was in the Ministry of Justice is preserved and is subject to restoration. The registries will be restored, all data will be recovered. It is a matter of time," - Stefanishyna noted.
Today, she will present a draft at the government meeting stating that deadlines will not be considered until the full restoration of the registries. As for the registration of real estate and businesses, it will be available after the relevant registries resume operations.
According to her, starting Monday, December 23, the restoration of the unified register of powers of attorney, the register of special forms of notarial documents, and the inheritance register will begin. This will help minimize potential negative consequences.
"Within two weeks, we will attempt to restore the full functionality of the government registries," - she added.
Was There a Data Leak Due to the Cyberattack
The leak of personal data, as claimed by Russian hackers, has not yet been confirmed.
"I literally received information just before the press conference from the head of the State Special Communications and Information Protection Service. That the data leak has not been confirmed yet," - said the Deputy Prime Minister.
At the same time, acting head of the Cybersecurity Department of the SBU Volodymyr Karastelyev emphasized that he cannot completely rule out the possibility of a leak.
"I cannot deny that a data leak occurred; an appropriate cyber investigation is underway. After obtaining all necessary data, we will provide you with all the information," - he noted.
Who Is Behind the Large-Scale Attack on Ukraine
The Russian group XakNet Team identifies itself as "hacktivists," meaning they are so-called hackers operating on a voluntary basis. They previously claimed responsibility for the attack on the "Ukraine 24" channel and other cyber incidents.
The Security Service asserts that they are backed by Russian intelligence services. The attack itself was likely prepared over several months.
"The Security Service of Ukraine has opened a criminal case under several articles, including Article 438 "Violation of the Laws and Customs of War." The main version considered by the SBU is that this cyberattack is orchestrated by Russian intelligence services, particularly groups associated with the GRU," - Karastelyev explained.
It is worth noting that the previous largest attack on Ukrainian government websites occurred a week before the start of Russia's full-scale invasion in February 2022. At that time, hackers "took down" government websites, some ministries, and the "Dія" portal.
In a statement, the head of the State Special Communications Service, Oleksandr Potii, mentioned that the cyberattack on