Cyber Incident Victim: Укртелеком
Date:
Mar 2022
Location:
Ukraine
Summary
Ukraine's internet infrastructure faced significant disruptions amid ongoing conflict, with major outages impacting providers including Ukrtelecom. Network monitoring data indicated severe traffic drops lasting approximately 40 minutes for Ukrtelecom and over a day for another provider, attributed to cyberattacks targeting routing equipment that hindered remote recovery efforts. These disruptions degraded communication capabilities and threatened Ukraine's ability to maintain diplomatic outreach and document attacks on civilian targets. Physical damage from hostilities compounded digital threats to networking systems, with service degradation observed across regions experiencing intense fighting. The incidents reflected coordinated attempts to isolate populations by crippling information networks during the invasion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early March 2022, Ukraine's telecommunications infrastructure faced escalating disruptions amid the ongoing Russian invasion, with significant outages reported at major providers Ukrtelecom and Triolan. Global network monitoring data analyzed by Doug Madory of Kentik revealed a nationwide outage at Ukrtelecom lasting approximately 40 minutes on March 10, while broadband provider Triolan experienced a more severe disruption beginning around 10:30 PM local time on March 9. Triolan's outage persisted for over 24 hours, with traffic levels remaining substantially below normal according to measurements from Kentik and Georgia Tech's Internet Outage Detection and Analysis Project. Triolan attributed the disruption to cyberattacks targeting routing equipment, stating via Telegram on March 10 that attackers employed methods preventing remote system recovery. The company characterized these actions as part of a deliberate enemy strategy to damage information networks and deprive civilians of communication capabilities, while emphasizing ongoing efforts to neutralize attackers and restore services across affected regions.
Ukrtelecom, Ukraine's former state telecom operator owned by oligarch Rinat Akhmetov through System Capital Management, faced scrutiny due to its owner's historical ties to pro-Russian political figures. Akhmetov had departed Ukraine via private jet on February 13 before the invasion, later publicly condemning Russian aggression and labeling Vladimir Putin a war criminal. The infrastructure disruptions occurred against a backdrop of sustained physical and digital threats to Ukraine's networks, which had previously maintained relatively stable connectivity despite regional outages in active combat zones. These incidents degraded domestic internet service while threatening Ukraine's capacity to maintain diplomatic communications and document alleged attacks on civilian targets through online channels. Telecommunications operators worked to mitigate outages, though Triolan's extended recovery period underscored operational challenges posed by the disabling of critical routing infrastructure during active hostilities.