Cyber Incident Victim: Ministry of Defence of Ukraine
Date:
Dec 2016
Location:
Ukraine
Summary
Ukraine's defence ministry website was disrupted by cyber attacks, specifically denial-of-service incidents, intended to block public updates on the ongoing separatist conflict in eastern regions. The ministry noted such attacks were frequent but not always operationally impactful, while separate recent incidents targeted the Finance Ministry and State Treasury, allegedly to undermine government reforms. While responsibility for the latest attack remained unconfirmed, officials stated the situation was controlled, referencing a prior grid cyber attack attributed to Russia that caused temporary power outages.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 13, 2016, Ukraine’s Ministry of Defence reported its website was rendered inoperable due to cyber attacks. Ministry spokesman Oleksandr Motuzyanyk stated the attacks appeared designed to disrupt the ministry’s ability to provide public updates regarding the ongoing conflict with pro-Russian separatists in eastern Ukraine. The website served as a critical channel for disseminating official information about military developments in the region. Motuzyanyk characterized the incident as a denial-of-service attack, a method frequently employed against the ministry’s digital infrastructure. While such attacks occurred regularly, he noted they did not always succeed in disrupting operations. The immediate impact was the temporary unavailability of the website, preventing public access to conflict-related updates. No data breaches or compromises of internal systems were reported in connection with this incident. The ministry’s public communications function was directly impaired during the outage. Technical teams worked to restore service, with Motuzyanyk later confirming the situation was under control. Attribution remained unclear, as the spokesman declined to identify any responsible party despite historical context of cyber hostilities.
This incident followed closely after cyber attacks targeting Ukraine’s Finance Ministry and State Treasury websites the preceding week. The Finance Ministry had publicly linked those earlier attacks to hackers attempting to undermine confidence in the government’s reform initiatives. While the Defence Ministry did not explicitly connect its incident to the prior treasury attacks, the temporal proximity suggested a broader pattern of disruptive cyber operations against Ukrainian state institutions. Motuzyanyk emphasized operational restoration but provided no technical details regarding mitigation measures or attack vectors beyond confirming the denial-of-service nature. The attacks occurred against a backdrop of heightened cyber tensions, with Ukraine’s State Security Service having previously attributed a December 2015 cyber attack on the national power grid to Russian actors—an incident that caused temporary electricity outages in western Ukraine. No similar physical consequences resulted from the 2016 Defence Ministry website attack, which remained confined to digital service disruption.