“On December 19, one of the largest Russian cyberattacks on Ukrainian state registers took place. What are its consequences?”, — write: epravda.com.ua
On December 19, hackers attacked the registers of the Ministry of Justice of Ukraine, effectively stopping dozens of databases. The cyber attack actually paralyzed a significant part of economic activity in the country. Financial transactions, verification of counterparties, public procurement and access to important public services were at risk. Since December 20, the work of notaries is reduced mainly to the certification of documents. An investigation is currently underway, which should establish the key circumstances of the incident: how the hackers managed to penetrate the systems, whether there was a data leak and how much the registries were affected. The Ministry of Justice assures that no facts of theft of information about Ukrainian legal entities and individuals have been discovered, and backup copies of the databases will allow them to quickly restore their work. The EP tells the details of one of the largest cyberattacks on state registers and its consequences for Ukrainians.Advertisement: What happened Late in the evening of December 19, Deputy Prime Minister for European and Euro-Atlantic Integration, Minister of Justice Olga Stefanishyna informed about a cyberattack on the registers of the Ministry of Justice. According to her, the attack led to the temporary suspension of state registers under the ministry’s competence, in particular the Unified State Register of Legal Entities, Individual Entrepreneurs and Public Organizations. However, the Ukrainians faced the consequences of damage to the systems earlier: part of the state registers did not work during the day, which actually made it impossible to provide notary services. The Ministry of Justice initially explained the problems as a large-scale failure in the network infrastructure that ensures the functioning of the registers. The Ministry’s registers are managed by the State Enterprise “National Information Systems” (NAIS), which the day before announced the implementation of planned technical works, in particular regarding the EDR, the State Register of Civil Status Acts, the “Bankruptcy and Insolvency” system. Advertisement: It was planned that the registers will not work from 22 :00 to 02:00 on the night of December 20. However, planned technical work was forgotten already at lunch on December 19. While NAIS was officially reporting technical problems, information about a cyber attack on NAIS appeared in the Russian Telegram channel XakNet Team. Read also: Hacking “Actions” in Chechen. Did Russian hackers get personal data of Ukrainians? The message, which appeared around 8:00 p.m., said that as a result of the attack on NAIS, hackers gained access to the infrastructure with all the data of the Ukrainian Ministry of Justice. It claimed that after getting into the infrastructure of the ministry, a total of more than 1 billion lines of data were stolen and deleted, including those stored on a backup server in Poland. The very next day, December 20, during a morning briefing, Stefanyshyn reported that the Ministry of Justice temporarily suspended all registries it administers to prevent further spread of the attack. She added that work to restore the registers was ongoing, and assured that other information systems of the state were not affected. “Currently, actions to restore the registers are ongoing. The events related to the registers did not affect other information systems of the state,” she added. As of mid-day on December 20, the websites of NAIS, the Ministry of Justice, and the UDR, which contains about 60 different registers, remained unavailable. In addition, 27 services are temporarily unavailable in “Dia”. December escalation of the GRU The SBU suggests that the hacker group of the Main Intelligence Directorate (GRU) of the Russian Federation may be behind the attack on the registers of the Ministry of Justice. “The main version that the SBU is considering is that the special services of the Russian Federation are behind this cyber attack, in particular the hacker group of the GRU of the General Staff of the Russian Federation,” said Acting Volodymyr Karastelov, head of the cyber security department of the SBU. He could not deny the information that there was no data leak, as the relevant investigation is ongoing. Instead, Stefanishyna, referring to the State Special Communications Service, emphasized that the data leak is currently unconfirmed. According to her, it was a massive attack on the entire infrastructure, which was being prepared for more than one month. It is noteworthy that almost a year ago, hackers from the SandWorm group, which is considered a division of the GRU of the Russian Federation, attacked the network core of Kyivstar, the largest mobile operator of Ukraine. Read also: The star that was extinguished. What happened to “Kyivstar”? As explained by the interlocutor of the EP in the field of open data, that attack was much more dangerous in terms of its potential consequences. “Mobile communication during a major war is critically important – people’s lives depend on it. Access to registry information is also important, but mainly to preserve the integrity of data. The main thing is that the data was saved at the moment before the attack began,” he said. The cyber security experts interviewed by the European Parliament emphasize that the cyber attack on the registries was planned and carried out for a long time. Moreover, the attackers could stay in the internal perimeter of the system for a certain period of time. “As a rule, such attacks take place with the combined use of phishing, social engineering and the possible involvement of insiders. Currently, it is not known how long the attackers were in the system. But if some data has been deleted, then the freshness of data backups from the registers will be of primary importance,” says the Cyber War Research Institute. Each cyber attack usually consists of several stages. The first stage is penetration into the system. Preparation for this can take different time: from a few hours to several months. Often the decisive factor here is the human factor. The second stage, one of the most difficult, is intelligence within the system. “The actions of hackers in the system can be compared to breaking into a house without knowing its layout, and there are people inside. In such a situation, intruders begin to move carefully so as not to be noticed while exploring the space. For this, it takes at least several months to understand how the system functions,” explains Vitaly Yakushev, director of the cyber security company 10Guards. In the third stage, hackers move to active actions: in particular, they begin to steal valuable data or manipulate the system to achieve their goals. The last stage is the so-called “cyber terrorism”, when criminals destroy information, causing maximum damage to the system, Yakushev notes. The hackers’ possible goal was to destroy databases in the registers in order to paralyze the work of key areas of the country. They partially succeeded: currently the work of notaries, as well as the processes of buying and selling property in Ukraine, are temporarily blocked. “Probably the goal of the hackers could be to paralyze public services, collect intelligence data and cause economic damage,” the Institute for the Study of Cyber War adds. The president of the Association of Real Estate Specialists, Olena Haydamaha, predicts that it will be impossible to conclude an agreement on the real estate market in the next 2-3 weeks. A representative of one of the notary offices confirmed to the European Parliament that as of mid-day on December 20, notaries can only certify documents, as access to the registers remains closed. What was affected and which state services are not working Under the current conditions in Ukraine, a significant part of economic activity has actually stopped. This applies to financial transactions, checks and counterparties and other processes that depend on access to registers. Separately, there are problems with public procurement through the Prozorro system, which uses data from the UDR. As Danylo Globa, deputy director of YouControl for legal issues, notes, part of the tenders are held in the format of open tenders, where customers are obliged to independently check information about participants in the registers. Currently, civil status acts (marriage, divorce, birth or death) will be registered using paper documents. carriers Receiving social benefits, for example, in connection with the birth of a child, will be possible only after citizens apply to the relevant authorities. The work of notaries will also continue, but not all actions will be available. So, for now, Ukrainians have the opportunity to contact a notary to perform notarial acts that are not related to the verification of information contained in the State Register of Property Rights to immovable property and UDR. In particular, the following notarial acts are available: testament and power of attorney; issuance of duplicates of notarial documents kept in the notary’s files; certification of the authenticity of copies (photocopies) of documents and extracts from them; certification of the authenticity of the signature on the documents, including certification of the authenticity of the signature on the consent for the child to travel abroad without being accompanied by one of the parents; certifying the accuracy of translation of documents from one language to another; execution of executive inscriptions. In addition, the ministry provided the possibility of a notary public to initiate an inheritance case at the request of the heir. Read also: “Strike the center of banking operations”. Can Russian terrorists “put down” banks? The Ministry of Justice notes that they will not apply measures of influence to notaries for the fact that they enter data and information into the EDR in a timely manner. This is made possible by a resolution adopted by the government back in February 2022. Due to the failure, a wide list of state services is not available: any registration actions in the field of real estate and business, in particular state registration of legal entities, their symbols, public formations that do not have legal status individuals, individual entrepreneurs and separate subdivisions of a legal entity, etc.; liquidation of enterprises or closure of the FOP. For example, this means that FOPs will not be able to be closed until the UDR operation is restored. If this register does not become operational before the beginning of 2025, those who intend to terminate their FOP will probably be obliged to pay a single social contribution and a single tax for at least January 2025; submitting an application for receiving social benefits, obtaining extracts from the State Register of Civil Status Acts of Citizens (DRATS), submitting an application for receiving comprehensive assistance “eMalyatko”, submitting documents for affixing an apostille; receiving services in the field of DRATS through TsNAPy (however, local self-government bodies within the framework of delegated powers continue to provide services related to state registration of birth, death, marriage); obtaining information from the Unified register of debtors regarding persons against whom bankruptcy proceedings have been opened. Such information will be provided in the form of information letters by the interregional offices of the Ministry of Justice according to the location of the entity about which the information is requested, according to the relevant request (requirements for such requests are published by the department); There is also currently no access to the automated system of executive proceedings, which includes information on all decisions made in such proceedings. During the absence of access to the registers, executors use alternative ways of issuing procedural documents in the proceedings. The Ministry of Justice has published contacts where citizens can consult on legal issues, in particular regarding non-working state registers. In addition, they recommend contacting the hotline (0800 213 103) or free legal aid centers. What’s next? Currently, a large team of specialists from various fields is working on solving the problem. The EP learned that, in addition to NAIS employees, representatives of the State Special Communications Service, Diya State Enterprise, as well as a business that previously participated in the development of the affected systems were involved in order to restore the registers. The Ministry of Justice says that they are primarily working on restoring the data of the unified register of powers of attorney, the register of special forms of notarial documents and the inheritance register, which will allow to ensure proper accounting and minimize incorrect notarial actions during the period when the registers are not working. Next, the department plans to restore the registers of acts of civil status of citizens, legal entities and individual entrepreneurs, as well as rights to immovable property and encumbrances on movable property. Prime Minister Denys Shmygal said that it may take one to two weeks to restore the registers. However, such a forecast is only possible if the backup copies of the data are not affected – this is a key condition for successful restoration. According to the Minister of Justice, the state has a backup (backup) of data from the registers as of December 19, 2024 and will be able to restore all information. However, not all data will be recovered without problems. Yes, changes made to the registries within a few hours of December 19, 2024 – from the moment the government noticed unusual activity in the registries until the moment they stopped working – will be restored by separate decisions of the government. “We will make decisions on these issues separately. At the same time, even appeals, statements and requests that were sent to the registers and were not considered will also be resumed, and today at the government meeting we will make a decision to suspend the calculation of all terms until the registers are restored.” , the minister added. To the EP’s question about possible problems with the correctness of data recovery, Stefanishyna assured that backup copies have been saved, and all information will be properly restored. The work of the registers could be started earlier, but it is important to check all the points of entry into the system and to eliminate possible vulnerabilities through which the attack was carried out, notes the interlocutor of the EP in the field of open data. At present, it is difficult to assess all the possible consequences that may arise from non-functioning registries. YouControl, an analytics platform that provides access to data about companies and individuals, reports the availability of stored public data as of December 19. “Our service is working as usual. All information from the registers of the Ministry of Justice, relevant as of December 19, 3:00 p.m., has been saved,” Globa notes. At the same time, the data will gradually lose relevance, since there is currently no possibility of updating them. Ultimately, government agencies may try to use alternative sources, such as YouControl, to verify data. However, this may raise questions from control bodies due to possible violations of tender conditions.*** The cyberattack on the registers of the Ministry of Justice became another example of how serious the consequences can be for the entire country. Damage to state register data partially paralyzed business activity in Ukraine, and in other areas caused concern about the possible impact of this incident on their work. Particular attention is drawn to the fact that this is the second such incident in a year after the attack on “Kyivstar”. In December 2023 when half of Ukrainians were left without communication, this event should be a signal for the implementation of measures that would prevent or minimize such attacks. And although the attack on the registers of the Ministry of Justice does not have such a direct impact on the lives of citizens, its consequences for the economy are already felt. Finally, the very fact that Russian special services manage to carry out such attacks should require all persons responsible for cyber security in Ukraine to at least review the current state of affairs in the direction of the country’s digital security.