Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Security Service of Ukraine(SBU). Show all posts

Ukrzaliznytsia Cyberattack Disrupts Online Ticket Sales but Train Services Remain Unaffected

 

Ukraine’s national railway operator, Ukrzaliznytsia, has fallen victim to a large-scale cyberattack, severely disrupting its online ticket sales and forcing passengers to rely on physical ticket booths. The attack, which began on March 23, has caused significant delays, long queues, and overcrowding at train stations as people struggle to secure their travel arrangements. Despite the disruption to digital services, train schedules have remained unaffected, ensuring that rail transportation across the country continues without major interruptions.

In response to the attack, Ukrzaliznytsia has taken steps to mitigate the inconvenience by deploying additional staff at ticket offices to accommodate the surge in demand. However, the company acknowledged that waiting times remain long and urged passengers not to overcrowd sales points unnecessarily. To ensure that military personnel are not affected by the disruption, they have been granted the option to purchase tickets directly from train conductors. Meanwhile, civilians who had bought their tickets online before the cyberattack are advised to use the PDF copies sent to their email or arrive at the station early to seek assistance from railway officials. 

Ukrzaliznytsia confirmed the cyberattack in an official statement across multiple communication platforms, apologizing for the inconvenience caused to passengers. The company emphasized that, despite the challenges, train operations were running smoothly and schedules had not been impacted. Officials noted that prior experience with cyberattacks had helped strengthen the railway’s response mechanisms, allowing it to implement backup protocols that ensured continuity of service. 

However, online ticket sales remain unavailable as efforts continue to restore affected systems. Describing the attack as highly systematic and multi-layered, Ukrzaliznytsia stated that it was working closely with cybersecurity specialists from Ukraine’s Security Service (SBU) and the Government Computer Emergency Response Team (CERT-UA) to identify vulnerabilities and strengthen its defenses. While the company did not specify the origin of the attack, cyber threats targeting Ukrainian infrastructure have been a persistent issue since the start of Russia’s full-scale invasion. Both state agencies and private companies have faced frequent cyber incidents, highlighting the growing challenges in securing critical infrastructure. 

Despite the cyberattack, Ukrzaliznytsia remains committed to maintaining uninterrupted rail service. The company reassured passengers that its backup systems were in place to handle such incidents, ensuring that transportation across Ukraine and beyond continues without disruption. However, no specific timeline has been given for when online ticketing services will be fully restored, leaving passengers to rely on in-person ticket purchases for the foreseeable future.

Russia Hacks Surveillance Cameras to Monitor Attacks in Kyiv


During Tuesday's intense missile and drone strikes on Ukraine's capital, Kyiv, which left over 250,000 people without internet or electricity amid dropping winter temperatures, Russian military intelligence broke into surveillance cameras to spy on Ukrainian air defenses and Kyiv's vital infrastructure.

Security Service of Ukraine informed that it responded to the hack by blocking and dismantling the suspected camera. 

The agency further advised online users to cease transmitting and watching security camera feeds online, as Russian military intelligence is utilizing the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been attacking Kyiv and Kharkiv since New Year’s holiday weekend, resulting in five casualties and over 130 injured. On Tuesday, around 100 missiles were fired on the two cities. 

These attacks were monitored by the Russian intelligence by hacking into the online surveillance cameras that are privately-owned. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers secretly recorded all visual data inside the surveillance camera's viewing range by gaining remote access to the device and altering its viewing angle. According to the SBU, Russian intelligence then viewed the feed on YouTube to assist the military in tracking the airstrikes and informing soldiers about their targets.

The hacked surveillance camera used for monitoring the parking lot of other residential complex in Kyiv helped hackers to surveille the surrounding areas, which comprised vital infrastructure facilities.

Internet and Power Supply Affected

The energy company DTEK said that Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected nearly 260,000 Kyiv residents. Russian missiles, drones, and bombers also struck Ukrainian internet and power supply services.

DTEK tweeted, "Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine[…]DTEK's power engineers are quickly restoring power after the attack."

As of Wednesday, DTEK Executive Director Dmytro Sakharuk announced that all 260,000 residents in Kyiv and an additional 185,000 residents in the surrounding districts had their power restored. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."  

Ukraine Seized Gaming Consoles used for Illegal Crypto Mining

 

The Security Service of Ukraine (SBU), Ukraine's top law enforcement agency, reported last week that it had discovered a large-scale electricity theft in Vinnytsia, in west-central Ukraine. The stolen power was used to mint digital currency in the country's largest illegal crypto farm discovered to date, according to officials. Residents of Vinnytsia and Kyiv established the mining facility in a former warehouse of JSC Vinnytsiaoblenerho, according to a press release on the agency's website. Using electrical metres that did not indicate the true energy consumption, they were able to hide the theft from the distribution firm. 

Law enforcement seized around 5,000 items of mining hardware, including 3,800 gaming consoles, over 500 video cards, and 50 processors, during searches at the crypto farm and its owners' homes. Agents seized electricity consumption records, as well as notebooks, phones, and flash drives, according to the announcement.

Under the direction of Ukraine's Prosecutor General's Office, the SBU Department for Counterintelligence Protection of State Economic Interests, in collaboration with the regional SBU Office in Vinnytsia and the Main National Police Investigation Department, conducted the operation. 

According to preliminary estimates published by Ukrainian officials, the illegal mining activity is responsible for electrical losses in the range of 5 to 7 million hryvnia, or $183,000 to $256,000 at the time of writing. Officials added that the heavy usage could have caused power surges and disruptions in the neighboring communities. For unauthorized usage of electricity, the SBU has filed a criminal complaint. Investigators are now seeking to figure out who is behind the illegal crypto mining and if any JSC Vinnytsiaoblenerho employees are involved as well. 

The report from Vinnytsia follows the closure of an illegal mining farm in Chernihiv Oblast by Ukrainian law enforcement last week. The facility was run off of stolen electricity from the local power grid. Authorities confiscated 150 mining equipment that had burned electricity worth $110,000 during a raid on rented facilities. In early June, the SBU discovered a crypto farm in Dnipropetrovsk Oblast with 350 mining rigs that were illegally linked to the power system and had consumed over $70,000 in electricity. 

Last year, Ukraine was ranked first in the world in Chainalysis' Global Crypto Adoption Index. The Eastern European country is attempting to lead the region with crypto-friendly efforts such as the introduction of a bill to determine the legal status of crypto assets in the country, as well as guidelines for their circulation and issuance.

The Security Service of Ukraine (SBU) counted more than 100 cyberattacks on government websites


The SBU has neutralized 103 cyberattacks on information resources of state authorities since the beginning of the year.

According to the Agency, since March, a significant number of attacks take place against agencies that ensure the fight against coronavirus. The SBU reported that hackers send emails with malicious software code to the mailboxes of state institutions.

“Hacker attacks come from Russian intelligence agencies, which are trying to gain remote access to the computers of Ukrainian government agencies. Then they plan to distort or destroy data, distribute fakes allegedly on behalf of government agencies, as well as discredit the actions of the Ukrainian authorities,” the SBU said, accusing Russia of carrying out coronavirus cyberattacks.

The Department stressed that in January-March, the work of almost two thousand sites that the hackers used to carry out the attacks was stopped. 117 criminal cases were opened. The SBU also sent recommendations to state agencies on compliance with information security.

Earlier, the head of the SBU, Ivan Bakanov, made a proposal to the Council of National Security and Defense of Ukraine to extend sanctions against Odnoklassniki and Vkontakte social networks, as well as other Russian services and programs for another three years.

It is noted that cyber specialists of the SBU analyzed that during the period of sanctions, the number of Ukrainian users in these social networks has decreased by 3 times. And this significantly narrowed down the target audience, to which the information operations of the Russian special services are directed.

“Fakes in countries of established democracy are equated to weapons of mass destruction. A hybrid war continues against Ukraine, and we continue to resist information attacks from the Russian Federation. Therefore, it makes sense to continue the sanctions: this will protect our citizens from fakes and manipulations, and, accordingly, we will preserve the security of the state," said Mr. Bakanov.

It is worth noting that the sites of the Russian antivirus companies Kaspersky Lab and Doctor Web were among the sanctions list.