A large-scale cyber attack has hit Ukraine’s state railway operator, Ukrzaliznytsia, affecting passenger and freight operations and resulting in long queues as passengers waited to buy tickets.
Ukrzaliznytsia, the country’s largest transporter, said the cyber incident affected online services, including the mobile app that most passengers depend on to purchase tickets.
However, the railway continued to operate normally despite various setbacks occasioned by the cyber attack.
“The key thing is that the enemy was not able to disrupt the train schedule: trains are running stably, on schedule, and without delays, and all operational processes have been adjusted to a backup mode,” Ukrzaliznytsia said. “The railway continues to operate despite physical attacks on its infrastructure and cannot be stopped even by the most insidious cyberattacks.”
The operator said it had previously implemented backup protocols because the railway system was a known target and had adjusted operations to backup mode to limit disruptions.
Ukraine state railway operator investigates a cyber attack
Ukraine’s state railway operator has launched an investigation into the cyber attack, which it described as “systematic, complex, and multi-layered,” suggesting potential nation-state involvement.
Ukrainian authorities, including the Cyber Department of the Security Service of Ukraine (SBU) and the Ukrainian Computer Emergency Response Team (CERT-UA), are also assisting the state railway operator in uncovering security vulnerabilities before restoring the impacted IT systems to prevent a similar cyber attack in the future.
Meanwhile, the national railway operator has opened more ticket windows at various stations to accommodate more passengers and reduce waiting times.
However, passengers accustomed to buying tickets online expressed their frustration on social media at having to wait in line to obtain their boarding passes.
Similarly, having partially restored the systems, the national railway operator discouraged travelers from relying on online ticket sales unless they had an emergency.
The state railway operator also discouraged passengers from visiting ticket offices a day earlier to avoid overcrowding, as those with imminent departures were given priority.
“As the system is currently experiencing peak loads, there may be temporary technical interruptions, so we ask passengers to use the application only if they need to travel urgently,” Ukrzaliznytsia said.
Cyber attacks ongoing
Meanwhile, the state railway’s IT systems continued to experience cyber attacks, but no delays or cancelations had been reported as yet.
“Our system is still under a massive cyberattack of the enemy. Nevertheless, our trains are running in accordance with the schedule,” Ukrzaliznytsia posted on X. “Our ticket offices are prioritizing passengers who are willing to either depart or arrive in the next few days. We will keep you posted.”
However, military members were allowed to purchase tickets onboard trains from conductors to avoid disrupting their movement and deployment.
Similarly, passengers who bought their tickets online but could not download them were advised to arrive 20 minutes early and provide purchase confirmation sent to their email addresses.
However, the state railway operator remains tight-lipped over the technical details of the cyber attack, pending the ongoing investigation. No cybercriminal group has taken responsibility for the cyber attack either.
Consequently, the threat actor’s identity, the nature of the cyber attack, and the attack vector exploited during the incident remain unknown or unreported.
Nonetheless, Russian state-sponsored threat actors and pro-Kremlin hacktivists, including DDoS and novel malware groups, have continued to target Ukraine since the full-scale Russian invasion.
Russia has also coordinated cyber attacks with kinetic strikes to increase the effectiveness of missile strikes on Ukrainian critical infrastructure.