Ukrtelecom restores 85% of services after 'powerful cyberattack'

Ukrtelecom restores 85% of services after 'powerful cyberattack'

Cyber Security lock.jpg

The Ukrainian government is investigating the cyberattack that caused a 15-hour outage yesterday and continues to disrupt services today.

The state-owned Ukrtelecom was subject to what it described as a "power cyberattack" on its IT infrastructure on Monday, which caused nation-wide disruption. The impact was still being felt this morning with Ukrtelecom saying: "After the beating of yesterday's cyberattack there are still partial difficulties in the work of internet access services."

It continued: "In total 85% of the service restoration took place from the level to the attack. We do our best to restore services. Please understand the temporary inconvenience."

Ukrtelecom's head of PR, Mikhail Shuranov, told Capacity just after noon BST that all critical elements of the network are working and services are restored. "Now it’s about 85% of pre attack load. So we continue to fix last issues after attack," he said.

According to Yurii Shchyhol head of the State Service of Special Communication and Information Protection of Ukraine, "the first in the human history cyberwar is under way".

He said in a statement yesterday: "In this war, the entire IT-community of the world got united in their reaction against injustice and against the Russian troops’ attempts to destroy our country. We are doing our best to stop the aggressor."

Earlier, via LinkedIn, Shuranov shared further details of the attack. He wrote: "Last night Ukrtelecom repelled a massive hostile cyberattack. It was even mentioned by Anonymous. To secure the network services for Ukrainian military and critical infrastructure users we temporally restricted the services for most private users and business customers. Today the services are recovered. We apologize for the inconvenience during wartime and take all measures to ensure prompt re-establish of the telecommunication services."

The cyberattack is the latest to be waged on the country since Russia's invasion started, however, this one occurred only days after the State Special Communications Service said the country had suffered more than 3,000 organised DDoS attacks since the beginning of the war.

Up until last week, the record stood at 275 DDoS attacks per day while the most powerful, at its peak, exceeded 100 Gbps.

In the first month of the war Datagroup – a provider of fiber-optic infrastructure and digital services in Ukraine – said it repulsed more than 350 DDoS attacks on the country's telecommunications network.

Monitoring outages and attacks

Closely monitoring Ukraine's coms networks, NetBlocks said on 3 March that is had recorded the first telecoms outage of the war, in the north east of the country.

However, it isn't just the security of connectivity making headlines but the quality, too.

Research published yesterday by BroadbandNow found "all metrics have deteriorated materially since the invasion began". On average, speeds decreased by 12.5 Mbps, packet loss rate increased by 37% from 3.7% to 5.1%, and minimum round-trip time increased by 5.3ms from 52.5ms to 57.8ms.

It analysed speed test for all data available from Measurement Lab’s NDT data set from 1 February through 17 March, assessing average throughput in Mbps, packet loss and round-trip time.

broadband now findings .jpg
Insight published by Broadband Now

Putting that into context, BroadbandNow said: "All three of these changes may seem relatively small, however the change in average loss rate crosses a significant threshold. A loss rate of over 2% is already an indicator of poor internet even prior to the most recent invasion, but error correcting codes can make up for lost packets so that for most users and most applications this may not have even been noticeable. Greater than 5% loss rate, however, is too high and could have significant impacts on usability. Additionally, the deterioration of all three metrics is part of a consistent pattern seen both in aggregate and regionally."

Other datasets assessed changes to throughput in major urban locations.

THROUGHPUT COMPARISONS.jpg
Comparing throughput across major locations. Source: Broadband Now.

Cyberattacks aren't the only method by which to disrupt networks, with hackers also targeting  satellites.

In a further statement released today Shchygol said: "The connection in Ukraine cannot be disconnected by breaking the cable.

"The Ukrainian market of telecommunications services is one of the most progressive. Operators use the best and most advanced technology. They have done a great job creating backup fiber-optic communication channels. That is why it is impossible to destroy the entire system by cutting the cable."

Capacity will continue to follow the developments. To share your own experiences and insights, please contact: editorial@Capacitymedia.com

Gift this article