About 70 government websites were temporarily down, in the largest such attack on Ukraine in four years.
Before the sites went offline, a message appeared warning Ukrainians to “prepare for the worst”. Access to most of the sites was restored within hours.
The US and Nato condemned the attack and have offered support to Ukraine. Russia has not commented on the hack.
Experts at Ukraine’s information ministry published a timeline of how news of the attack spread, pointing out that Russian media reported it before Ukrainian outlets.
They alleged that the attacks were in response to what they called Russia’s failure in its recent talks with Nato over Ukraine.
Ukraine’s SBU security service says in just nine months last year it “neutralised” 1,200 cyber-attacks or incidents.
Nato said it would soon be signing an agreement with Ukraine on enhanced cyber cooperation, which would give it access to the alliance’s malware information sharing platform.
The White House says it it will provide Ukraine with whatever support it needs to recover from the attack.
At the start of Friday’s attack, a message on the hacked websites was posted in three languages, Ukrainian, Russian and Polish.
“Ukrainian! All your personal data has been uploaded onto the public internet,” the message read. It continued: “This is for your past, your present and your future.”
The SBU in Kyiv said later that no personal data had been leaked, according to initial assessments, and no content had been changed.
Among the sites targeted was the Diia website, a key system containing government services that stores personal vaccination data and certificates.
The European Union’s foreign policy chief, Josep Borrell, said all its resources were being mobilised to help Ukraine deal with “this type of cyber-attack”.
Was Russia behind it?
While the world has nervously watched Russia’s troop build-up, the cyber-security community has been watching and waiting for some sort of cyber incursion.
Hybrid or asymmetric warfare is an established part of modern conflict and Russia has proved itself adept at attacking the cyber realm as well as the physical.
This latest attack on Ukrainian websites is consistent with previous events, but it’s also odd.
Threats of deleting personal data are likely hollow, as no data would have been compromised by attacks on public-facing websites.
Instead of a Kremlin-ordered cyber offensive this strikes me as more of a co-ordinated attack by patriotic Russian hackers which is what happened in the Georgia attacks. The Kremlin may not have ordered it but it certainly won’t turn down any efforts to further wobble Ukraine at this extremely tense time.