The US has accused Russia of planning a “false-flag operation” in eastern Ukraine as part of its efforts to create a “pretext for invasion”, after diplomatic efforts to defuse the crisis faltered and government websites were hit by a “massive cyber attack”.
A US official said on Friday: “We have information that indicates Russia has already prepositioned a group of operatives to conduct a false-flag operation in eastern Ukraine. The operatives are trained in urban warfare and in using explosives to carry out acts of sabotage against Russia’s own proxy-forces.”
The official said such “sabotage activities” and “information operations” would serve to accuse “Ukraine of preparing an imminent attack against Russian forces in eastern Ukraine”, adding that this could be a precursor to a military invasion starting “between mid-January and mid-February”.
Earlier on Friday Ukraine said it was the target of a “massive cyber attack” after about 70 government websites ceased functioning. Targets included websites of the ministerial cabinet, the foreign, education, agriculture, emergency, energy, veterans affairs and environment ministries, as well as the websites of the state treasury and the Diia electronic public services platform, where vaccination certificates and electronic passports are stored.
“Ukrainians! All your personal data has been uploaded to the public network,” read a message temporarily posted on the foreign ministry’s website. “All data on your computer is being erased and won’t be recoverable. All information about you has become public, fear and expect the worst.”
Ukraine’s Centre for Strategic Communications, a government agency set up to counter Russia’s aggression, accused Moscow of being behind Friday’s cyber attacks while noting that official investigators have yet to formally draw such a conclusion.
“This is not the first or even the second time that Ukrainian internet resources have been attacked since the beginning of Russia’s military aggression . . . Some cyber attacks were so widespread that they became part of the world’s textbooks for cyber experts,” it said.
“We assume that the current one is connected with the recent defeat of Russia in the negotiations on the future co-operation of Ukraine with Nato,” the agency added.
The attack follows tense negotiations this week between the US, Nato and western allies and Russia, aimed at deterring Russian president Vladimir Putin from opting for a deeper invasion of Ukraine. Moscow annexed the Ukrainian peninsula of Crimea in 2014.
Ukrainian officials recently warned that cyber attacks and other efforts to destabilise the country would be a prelude to further aggression.
The message left by hackers, posted in Ukrainian, Russian and Polish, added: “This is for your past, present and future. For Volyn, for the OUN UPA [Organization of Ukrainian Nationalists/Ukrainian Insurgent Army], for Halychyna, for Polissya and for historical lands.”
Comments at the end of the message referred to Ukrainian insurgent fighters during the second world war and appeared to chastise Ukraine for ethnic clashes and atrocities. Poland and Ukraine accuse each other of committing atrocities during the period in the region, which the countries have jostled over for centuries.
The hackers’ post also included defaced images of Ukraine’s national symbols, with a line across the flag, coat of arms and a map of the country.
It was not immediately clear if the hackers were Polish or if this was an attempt to incite divisions between Ukraine and Poland, one of Kyiv’s strongest European allies in the face of Russian aggression.
Julianne Smith, the US ambassador to Nato, said the US would wait “to see what we find out today”. She added that proof of a Russian cyber attack “certainly” would be classed as an example of renewed aggression against Ukraine, which could trigger western sanctions against Moscow.
“We are monitoring everything that Russia is going to be doing towards Ukraine,” she said. “We are attuned to some of the efforts to destabilise Ukraine from within. We all understand that there’s an array of scenarios that could unfold as it relates to what happens between Russia and Ukraine.”
Jens Stoltenberg, Nato’s secretary-general, said he “strongly” condemned the cyber attacks.
“Nato cyber experts in Brussels have been exchanging information with their Ukrainian counterparts on the current malicious cyber activities. Allied experts in country are also supporting the Ukrainian authorities on the ground,” he said.
Josep Borrell, Brussels’ top diplomat, said the EU’s political and security committee and cyber units will convene to see how to help Kyiv.
“We are going to mobilise all our resources to help Ukraine to tackle this cyber attack. Sadly, we knew it could happen,” Borrell was quoted as saying by Reuters at an EU foreign ministers’ meeting in Brest, western France. “It’s difficult to say [who is behind it]. I can’t blame anybody as I have no proof, but we can imagine.”
Ukraine’s SBU state security service said in a statement that “provocative messages were posted on the main page of these sites”.
“The content of the sites was not changed, and the leakage of personal data, according to preliminary information, did not occur,” the SBU added.
Oleksiy Danilov, Ukraine’s national security chief, late last year told the Financial Times that Ukraine faced “continuous” Russian cyber attacks and other attempts to destabilise the country since Moscow annexed Crimea and orchestrated a proxy separatist war in its eastern regions.
“Domestic destabilisation is the immediate objective” of Russia prior to unleashing a potential deeper military incursion, he said, “firstly through cyber warfare, triggering an energy crisis and information warfare”.