"To hack a straw-man IT house like Ukrzaliznytsia, you don't need super-technologies. It's enough to have access to the Internet and a couple of hundred dollars to buy 1-2-day exploits on the black market." Cyber experts gave their first assessment of the attack on UZ

Cyber experts gave their first assessments of a large-scale hacker attack on the servers and IT infrastructure of Ukrzaliznytsia.

Member of the Parliamentary Committee on National Security and Defense Oleksandr Fedienko

Of course, it’s better late than never to admit that there was a cyberattack and that Ukrzaliznytsia was hacked. I don’t think the attacker was interested in hacking the public ticket purchasing system. Or even paralyzing train traffic.

Let me remind you that we are in a state of war, and there are many military trains running on the railways. I hope that the relevant services will check whether there was a leak of information and how critical it is.


Cyber expert Konstantin Korsun
Yesterday, Ukrzaliznytsia was hacked and the entire infrastructure was deleted. A scenario similar to the Ministry of Justice three months ago, when the registers were hacked in December 2024. In December 2023, Kyivstar was down. In 2024, Naftogaz, Ukrposhta, Ukrtransbezpeka, many media outlets, and most key banks were attacked. SEV OVV, the system of electronic interaction of executive bodies, was also hacked. And there was also an unpleasant incident with Reserve+. Before that, Diya was successfully hacked (January 2022), which was confirmed by an American court.

What similar class of resources have been hacked in Russia? None. Yes, banks, payment and public services there periodically «fall», regional state websites «rest», databases leak — but these incidents are not so resonant. The last really powerful cases were in 2022 — the hack of RuTube and the transfer of Russian aviation to paper document management. In addition, I remember the high-profile case of the leak in 2016 of the e-mail correspondence of Surkov — the then advisor to the Moscow Tsar.

I don’t remember any serious high-profile cyberattacks on Russia after 2022. Of course, both the Ukrainian authorities and the Moscow authorities are trying to hide information about the very fact of a successful cyberattack. And in most cases, they manage to do this — because both sides use powerful censorship. But there are such cyberattacks, the consequences of which are simply impossible to hide, because a huge number of citizens see them with their own eyes. And the (pro)Ukrainian side cannot boast of such cyberattacks. But the anti-Ukrainian side does it consistently.

How is that? Maybe this is a systemic error? Does the conservatory need to fix something? In my opinion, the consequences of many years of unprofessionalism in the formation of national cyber policy are already catching up with us. The unwillingness and, most importantly, the inability to develop a strategic plan. And even more so, to implement it competently. The desire to steal here and now completely prevails, and what will happen later — never mind, we will no longer be here.

That is why Ukrainian cybersecurity policy consists of running from fire to fire. Wherever it lands, we put it out. There is no time to think about prejudice. And there is nothing to think about. Because loyalty always beats class. And corruption, accordingly. It is interesting that behind the scenes it is the same: loyalty always comes first. But there, due to the hyper-centralization of power, they have money to train loyalists and make professionals out of them. And thanks to the authoritarian stability of political elites, they also have time for this.

The Russians are partially isolated from the most modern technologies due to sanctions. But this does not particularly affect their ability to take over Ukrainian national resources.

In order to hack a straw IT house like Ukrzaliznytsia, you don’t need super-technologies. It’s enough to have access to the Internet and a couple of hundred dollars to buy 1-2-day exploits on the black market. Back in 2019, Ukrainian cyber activists FRD poked the same Ukrzaliznytsia at their incompetence and zero cyber protection (in the screenshot). And the laptenogs have been systematically preparing for cyberwar since the early 2000s. They trained special service officers in hacking techniques, and recruited hackers in methods of conducting special operations. They spent time building organizational structures.

They financed long-term training of employees. They created botnets, troll factories, bought shares in IT companies, financed various projects like Telegram. They planned — and for decades in advance. And that is why now an organized and structured machine is working against us. On our side are many small, but not very coordinated teams, without a common strategy or even tactics, with different local interests, with scattered resources, with a low and unpredictable level of funding. Relatively speaking, these are five separate fingers against one fist. Will there be incidents similar to Ukrzaliznytsia or registries in the future? There will definitely be. I say this every time during the next cyberattack. Because why not — after all, each new incident teaches no one ANYTHING.

I don’t know what the Russians will hack next. But it will definitely be something large-scale and resonant, because their cyberattack factory works 24/7.

Now ask those state speakers in the stands about the registry hack or the Ukrzaliznytsia hack. Has the public been explained what really happened? No. Maybe someone has been punished? No, either. What conclusions have been drawn, what measures have been taken to prevent this from happening in the future? But go to hell with your provocative questions, you Kremlin agents. This is not the time. We need to run to extinguish the consequences of another cyberattack. And then run to the «forum of invincibility.» Don’t interfere with your work. And don’t look up.

By the way, I’m interested in how to buy international tickets now, because it’s impossible to do it without «Diya». And «Diya» can’t work if the online platform of «Ukrzaliznytsia» itself doesn’t work — such a vicious circle. Now people will appreciate it, standing in kilometer-long queues at the ticket offices.


White hacker Nikita Knysh

The role of cybersecurity in our country is so overestimated that our Ukrzaliznytsia was hacked again. Officially, «a large-scale failure of online procurement systems occurred.» Do you believe it? Tomorrow they will say: «there was no leak,» ««Diya» was not hacked!» and the traditional Vyskubivskaya «there is no «Diya» in this case.»

The scale of the leak, damage, or consequences cannot be estimated, because all sorts of green buttons have decided to keep such information secret.

Imagine: this is a critical infrastructure facility, it is «counterintelligence» monitored by the SBU, with several departments at once: «economists» from the transport department are working on transformers and wheels (based on Bigus’s stories), and «computer scientists» are «monitoring» IT procurement, and others are also parasitic, but we won’t list them all.

All sorts of Fedienkos and other «green buttons» from the annex-shed of the Office of the President, which was previously called the Verkhovna Rada, are coming up with bills to classify information about cyberattacks. They would have classified everything so that no one would see how much was stolen, how many points were lost.

A huge part of military supplies goes by rail, guess what info the scumbags were looking for there? Will someone be held accountable for this? It’s not funny! Fuck everyone, they’ll write out medals for themselves tomorrow. It turns out that the head of UZ’s cyber defense was dismissed the day before «on the sly», or maybe the head of UZ himself. Now they’ll open a criminal case and look for the guilty? There are risks here of encountering the well-known phrase «the main thing during the investigation is not to come out on yourself.»

Recall, on Sunday morning, March 23, Ukrzaliznytsia reported a failure in the company’s IT system. The company did not immediately indicate the reasons for the failure. In the morning, the chairman of the board of UZ admitted that an unprecedented cyberattack was carried out on the servers and IT resources of Ukrzaliznytsia — targeted, complex and multi-level. The services are still not working.
