Tactics of Russian secret services used during cyberattack on Ukrainian railways
Tactics, techniques and procedures typical of Russian secret services were used during the cyberattack on Ukrzaliznytsia (Ukrainian railways).
Source: Yevheniia Nakonechna, Head of the State Centre for Cyber Defence of the State Service for Special Communications and Information Protection of Ukraine (SSSCIP)
Quote: "Experts from the Government Computer Emergency Response Team of Ukraine (CERT-UA), operating within the State Cyber Protection Centre of the SSSCIP, determined during the incident investigation that the attack employed tactics, techniques, and procedures (TTPs) characteristic of Russian intelligence services. Furthermore, the cybercriminals utilised unique malware specifically designed with the attacked infrastructure’s specifics in mind. The execution of such a cyberattack required significant resources for preparation," she said.
Nakonechna noted that the implementation of such a cyberattack required significant resources for preparation.
She also emphasised that the cyberattack on Ukrzaliznytsia, which serves millions of Ukrainians, can be equated to a terrorist act.
Background:
- On 23 March, Ukrzaliznytsia's online systems suffered a large-scale targeted cyberattack. Tickets were sold through ticket offices at railway stations.
- On 27 March, Ukrzaliznytsia's online sales system was restored in a backup format for the purchase of new train tickets and their refund.
- On 30 March, Ukrzaliznytsia restored two more online services after a large-scale cyberattack. In particular, the Ukrzaliznytsia app and website offer discounts for disabled people again, and online displays of all railway stations are now available in the app.
- Ukrzaliznytsia assures that there was no leakage of military or personal information during the cyberattack, as it is not stored in the system.
- Ukrzaliznytsia CEO Oleksandr Pertsovskyi said that it may take from four to six weeks to several months to fully restore all systems after the cyberattack on Ukrzaliznytsia.