Withdrawal of U.S. embassy staff, massive data breach, hacking group that hit Bundestag, and more – Weekly Update on Ukraine #3, 17-23 January

Situation in the combat zone

On January 23, Russia-backed militants made 10 attacks, eight of which included the use of weapons banned under the Minsk agreements. There were similar attacks throughout last week.

A Ukrainian service member was wounded in action.

U.S. authorizes embassy staff to leave Ukraine, EU diplomats stay put

On January 24, the U.S. Department of State authorized the voluntary departure of U.S. government employees and ordered the departure of family members of U.S. government employees at the U.S. Embassy in Kyiv, effective immediately. 

Authorized departure gives these employees the option to depart if they wish; their departure is not required. Ordered departure for family members requires that family members leave the country. The U.S. Embassy’s departure status will be reviewed in no later than 30 days. 

The U.S. Department of State made the decision to authorize departure from Mission Ukraine “out of an abundance of caution due to continued Russian efforts to destabilize the country and undermine the security of Ukrainian citizens and others visiting or residing in Ukraine”.

The U.S. Department of State has been in consultation with the Ukrainian government about this step and is coordinating with Allied and partner embassies in Kyiv as they determine their posture, the statement reads.

Additionally, the U.S. State Department has elevated its previous travel advisory rating for Ukraine to level four – “Do Not Travel due to the increased threats of significant Russian military action against Ukraine”.

EU diplomats stay in place. The European Union will not follow the U.S. in ordering its embassy staff and their families to leave Ukraine, the EU foreign policy chief Josep Borrell said Monday as he arrived for a meeting of EU foreign ministers.

“We are not going to do the same thing because we don’t know any specific reasons,” Borrell is quoted as saying. “I don’t think we had to dramatize as far as the negotiations are going on — and they are going on,” he added.

The meeting of EU foreign ministers will also include videolink participation by U.S. Secretary of State Antony Blinken, the EU foreign policy chief said.

As of this writing, the UK also announced plans to withdraw some embassy staff from Ukraine.

Ukrainians’ personal data from Diia posted for sale: what is known so far

Background. On the night of January 21 into January 22, 2022, a user nicknamed “FreeCivilian” posted for sale personal data of Ukrainians on the web site RaidForums. Part of the information was allegedly obtained from the digital public services web site Diia. 

The exposed data is on sale for USD 15,000, and allegedly includes:

-2.6 million records with users’ email address, full name, birth date, telephone number, sex, taxpayer identification number, number and expiration date of domestic and international passport.   

-13.5 million records with low-resolution images of users’ passports, ID cards, driving licenses, military records, university diplomas, and vaccination certificates in JPG format.

-4.1 million records of Ukrainians’ “detailed personal information including their documents.”

The user also posted free data samples that include 100,000, 190,000, and 26,000 records respectively. 

Actual breach of personal data? There is a high probability that actual personal information of Ukrainians was posted for sale, cyber security professionals in public and private sectors say as quoted by Novoe Vremya (New Time).

Commentary by Ukrainian government. An alleged data breach is another act of hybrid war, the Ministry of Digital Transformation of Ukraine said in a statement.

“Starting late last week, personal data allegedly obtained in a cyberattack on January 13-14 was posted online for sale a number of times. Some vendors say the data was taken from the database of Diia. Those acts aim to intimidate Ukrainians and destabilize the country by disrupting public services,” the statement reads.

The Diia application does not store personal data, but displays data held within public registries, the agency added. Yet the alleged data breach refers to the web site of digital public services not the application. The Diia web site has more than 13 million users, not two million as the vendors claim, the Ministry said. Personal records that were recently posted for sale, were obtained from various sources before 2019, the digital agency added.  

View of cyber experts. Some do not trust the official statement. First, when asked by Novoe Vremya if the dump posted on RaidForums was analyzed, the Ministry of Digital Transformation could not answer. Second, the Ministry did not say which databases the exposed data came from. The agency also provided screenshots of other data vendors. Finally, some records exposed by “FreeCivilian” were dated January 2022.

Hackers that shut down Ukraine’s government websites are responsible for cyberattack on Bundestag

A group of hackers that defaced a number of Ukrainian government web sites on January 14 is linked to the Russian security service and is the same group that hit the Bundestag and the Polish government, a Polish official said.

“According to the information we have, the cyberattack on Kyiv on January 14 was carried out by a group of hackers linked to the Russian security services. The same group of hackers is responsible for exposing correspondence of Polish government officials. Last summer, the same group of hackers made a cyberattack on the German Bundestag ahead of the September elections. That same group was involved in the recent attacks on Ukraine’s government web sites,” Andrzej Sadoś, Permanent Representative of Poland to the European Union told journalists last week.

On the night of January 13 into January 14, 2022, Ukrainian government websites were targeted in a cyberattack.

Five facts about massive cyberattack against Ukraine

A new infographic by UCMC’s Hybrid Warfare Analytical Group on a recent cyberattack that hit Ukraine government websites. 

Opinion polling: Zelenskyi, Poroshenko would win most votes

If the presidential elections were today, most Ukrainians would re-elect Volodymyr Zelenskyi or vote for former president, MP Petro Poroshenko, a survey conducted by the Kyiv International Institute of Sociology on January 20-21 finds. 

“Volodymyr Zelenskyi (23.5 per cent) and Petro Poroshenko (20.9 per cent) would win the most votes. The difference between their scores is within the margin of error, so formally they share the first place,” the survey says. 

The poll gives the chief of “Batkivshyna” party Yulia Tymoshenko 11.8 per cent, the leader of the “Power and Honor” (Syla i Chest) party Ihor Smeshko – 9.6 per cent, and a leader of the “Opposition Platform – For Life” (Opozytsiyna Platforma – Za Zhyttya) Yuriy Boiko 9.3 per cent.

How Ukraine is fighting COVID-19

© pixabay.com

Ukraine nears the peak of coronavirus cases. On January 23, Ukraine recorded 12,915 cases, 2,430 recoveries, and 67 deaths. Last week, daily cases peaked at 20,000.