Ukraine has restored the infrastructure of its state registers, which were disrupted last month by a major cyberattack believed to have been carried out by Russian military intelligence hackers.
In a statement on Monday, the Ukrainian Ministry of Justice — responsible for managing around 60 state databases — confirmed that the critical registers are now operational. The agency is also in the process of updating the registers with data collected during the downtime.
Suspected Russian state hackers targeted Ukraine’s state registers with “one of the largest cyberattacks” in December, leaving citizens unable to access essential services linked to their digital records.
The attack disrupted the electronic registration of births, marriages and deaths, forcing agencies to process these records manually on paper. Real estate transactions, including purchase-sale agreements, leases, gift transfers and mortgage contracts, were also put on hold.
Ukrainian officials have denied claims that citizens’ data was leaked during the attack. According to Olga Stefanishyna, Ukraine’s Deputy Prime Minister for European and Euro-Atlantic Integration, the goal of the attack was “to undermine the functionality of the state,” which” she said, was not achieved.
Officials have not provided a detailed analysis of the incident. However, hackers claimed the disruption was caused by an attack on the state-owned National Information Systems (NIS), the operator of the registers.
Following the attack, the Ministry of Justice terminated its cooperation with NIS and launched a criminal investigation into the enterprise, which is still ongoing, Stefanishyna said.
“We learned important lessons from this cyberattack and are already implementing systemic changes,” she added.
Ukrainian authorities are also drafting a new law that would require all government agencies handling sensitive data to establish a dedicated network of cybersecurity professionals responsible for safeguarding its security. Stefanishyna referred to this initiative as a “Pentagon for state registers.”
In a comment to Recorded Future News, Yevheniya Nakonechna, head of Ukraine’s State Cyber Protection Centre, said that the country’s security services have opened a criminal investigation into the attack. Among the suspects is a hacker group linked to Russia’s military intelligence agency (GRU).
In 2023, the Russian hacker group Sandworm — believed to have ties to the GRU — hacked Ukraine’s largest telecom operator, Kyivstar.
Nakonechna added that politically motivated hackers would likely continue to target government organizations in countries they perceive as “hostile.” The primary goal of such attacks, she said, is cyberespionage to gather intelligence.
Earlier in January, a hacker group with unknown affiliations claimed responsibility for breaching Rosreestr, a Russian government agency responsible for managing property and land records. While the agency denied its systems were breached, it confirmed that an investigation into the hackers’ claims is underway.
Just a few days after the Rosreestr incident, Slovakia’s land registry suffered the largest cyberattack in the country’s history, according to state officials. The attack targeted the Slovakian Geodesy, Cartography, and Cadastre Office (UGKK), which manages land and property data. As a result, the agency’s systems were shut down, and its physical offices closed.
Slovakia is still working to recover access to its registry. Local media reported on Monday that zoning and construction activities across the country have been suspended. The attack has also delayed the launch of a new construction portal designed to simplify and streamline construction-related processes.
It is unclear which hacker group is behind the attack on Slovakia, but the country’s agriculture minister, Richard Takáč, previously stated there were “strong indications” the attack originated from Ukraine.
Ukraine has not commented on allegations linking it to the cyberattack. The incident comes amid rising tensions between Slovakia and Ukraine following Kyiv’s suspension of Russian gas transit through Slovakian territory.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
