Cyber Incident Victim: Ukrposhta

Date: Aug 2017

Location: Ukraine

Summary

The Ukrainian national postal service experienced a sustained DDoS attack targeting its parcel tracking services, causing significant website slowdowns and operational disruptions over two consecutive days. Despite initial restoration efforts by IT teams, the attack later intensified, intermittently affecting all online services. This incident followed a prior malware infection that severely compromised the organization's automated systems, leading to widespread operational paralysis and potential financial reporting delays. The entity, operating thousands of service points nationwide, emphasized ongoing efforts to maintain customer access to critical information amid these disruptions.

Description

On August 7, 2017, Ukraine's national postal service Ukrposhta experienced a distributed denial-of-service (DDoS) attack targeting its website, particularly disrupting parcel tracking services. The attack persisted into a second consecutive day, with increased intensity causing slow performance and intermittent outages across both the website and associated services. Ukrposhta's IT team responded to the initial wave of the attack during the morning of August 7, implementing countermeasures that temporarily restored normal operations by late afternoon. However, the attackers intensified their efforts following this initial containment, leading to renewed disruptions. The company publicly acknowledged the incident through a Facebook statement, confirming the operational challenges while assuring customers of efforts to maintain service continuity. This incident occurred against the backdrop of a separate cybersecurity event disclosed in Ukrposhta's first-half 2017 financial report, which referenced a June 27, 2017, malware infection that had severely compromised the organization's computer network.

The earlier June malware incident caused systemic failures, rendering Ukrposhta's automated systems completely inoperable and requiring significant recovery efforts. While the August DDoS attack primarily impacted customer-facing online services like parcel tracking, the June malware event had broader operational consequences, potentially delaying financial reporting adjustments due to system unavailability. Ukrposhta, operating under Ukraine's Infrastructure Ministry with 76,000 employees across 12,000 offices, did not publicly attribute either incident to specific threat actors or disclose technical details regarding the malware or DDoS mitigation strategies beyond acknowledging IT interventions. The consecutive incidents highlighted persistent vulnerabilities, with the August attack demonstrating sustained targeting of critical public service infrastructure despite prior remediation efforts following the June network compromise.
