RZD Russian railway suffered a massive cyberattack

August 1, 2023

RZD, a Russian government-owned railway company, disclosed that a massive cyberattack caused its mobile applications and website to shut down for several hours. The incident forced passengers to buy train tickets manually at railway stations because online purchasing was unavailable.

IT Army, a Ukrainian hacktivist group, claimed responsibility for the attack in a post on its Telegram channel. The group also claims it will cause more damage to the station after its breach. Researchers have yet to confirm the group's claims since insufficient proof exists.

RZD stated that it had addressed the situation within hours of the recovery process starting.

According to RZD, its security team restored operations after six hours of unavailability despite the ongoing attacks from the Ukrainian group. However, some of its online services remained unavailable due to the increased load.

On the other hand, the Ukrainian hacktivist group said its primary goal is to permanently remove its target's website. Hence, it is willing to make a significant effort to prepare an attack on the Russian entity. The group has also classified the attack as successful since it impacted Russia's economy despite the services being down for several hours.

Researchers noted that this is the second cyberattack on RZD since the geopolitical conflict between Russia and Ukraine started. Earlier this year, the Russian railway's website and mobile app were also the target of a distributed denial-of-service (DDoS) attack. Experts explained that such an attack works by flooding a targeted website with junk traffic, making it inaccessible.

During the incident, the company added numerous ticket offices at railway stations so that all the passengers could purchase train tickets.

Cybercriminal activities against essential government sectors, such as railways, could significantly disrupt a country's logistics. In 2022, a malicious attack on the Belarusian state railway damaged its network and obstructed the transfer of Russian troops into Belarus for military exercises.

These attacks commonly occur when an attacker is closely affiliated with a particular country. In this incident, the group is affiliated with Ukraine, which Russia is currently invading.
