Ukraine says to review
cyber defenses after airport targeted from Russia
Send a link to a friend
[January 18, 2016]
By Pavel Polityuk and Alessandra
KIEV (Reuters) - Ukrainian authorities will
review the defenses of government computer systems, including at
airports and railway stations, after a cyber attack on Kiev's main
airport was launched from a server in Russia, officials told Reuters on
Malware similar to that which attacked three Ukrainian power firms
in late December was detected last week in a computer in the IT
network of Kiev's main airport, Boryspil. The network includes the
airport's air traffic control.
Although there is no suggestion at this stage that Russia's
government was involved, the cyber attacks have come at a time of
badly strained relations between Ukraine and Russia over a nearly
two-year-long separatist conflict in eastern Ukraine.
"In connection with the case in Boryspil, the ministry intends to
initiate a review of anti-virus databases in the companies which are
under the responsibility of the ministry," said Irina Kustovska, a
spokeswoman for Ukraine's infrastructure ministry, which oversees
airports, railways and ports.
Ukraine's state-run Computer Emergency Response Team (CERT-UA)
issued a warning on Monday of the threat of more attacks.
"The control center of the server, where the attacks originate, is
in Russia," military spokesman Andriy Lysenko said by telephone,
adding that the malware had been detected early in the airport's
system and no damage had been done.
A spokeswoman for the airport said Ukrainian authorities were
investigating whether the malware was connected to a malicious
software platform known as "BlackEnergy", which has been linked to
other recent cyber attacks on Ukraine. There are some signs that the
attacks are linked, she said.
"Attention to all system administrators ... We recommend a check of
log-files and information traffic," CERT-UA said in a statement.
[to top of second column]
In December three Ukrainian regional power firms experienced
short-term blackouts as a result of malicious software in their
networks. Experts have described the incident as the first known
power outage caused by a cyber attack.
A U.S. cyber intelligence firm in January traced the attack back to
a Moscow-backed group known as Sandworm.
The Dec. 23 outage at Western Ukraine's Prykarpattyaoblenergo cut
power to 80,000 customers for about six hours, according to a report
from a U.S. energy industry security group.
Ukraine's SBU state security service has blamed Russia, but the
energy ministry said it would hold off on attribution until after it
completes a formal probe.
(Editing by Matthias Williams and Gareth Jones)
[© 2016 Thomson Reuters. All rights
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.