Cyberattack on Ukraine’s state registers disrupts marriage registration, real estate deals

A large-scale cyberattack believed to have been carried out by Russian hackers knocked most of Ukraine’s state registers offline, leaving citizens unable to access essential services linked to their digital records.

According to Ukraine’s Ministry of Justice, which manages around 60 state databases, the cyberattack has disrupted the electronic registration of births, marriages and deaths. These records are now being processed on paper, and once access to the state registers is restored, the data will be transferred into the electronic database.

Despite the disruptions, more than 1,400 Ukrainian couples have registered their marriages in the past week, the ministry said.

Any real estate transactions in Ukraine, including purchase-sale agreements, leases, gift transfers and mortgage contracts, are also on hold, as they require records from state registers containing citizens’ personal data, as well as information about legal entities and property rights.

Ukrainian Deputy Prime Minister for European and Euro-Atlantic Integration, Olga Stefanishyna, stated that it would take about two weeks to restore access to these registers

In response to the cyberattack, the Ukrainian government has extended existing military draft deferments for one month, without the need for digital renewal. Under current law, certain categories of Ukrainian citizens can apply for deferments through the Reserve+ military application, which relies on data from state registers.

Other services affected by the hack include trading on the country’s stock exchange, the appointment of civil servants and judges, as well as the consideration of some court cases that require information from the registers, according to local media reports.

It is not yet clear how much the recent cyberattack on the registers and the disruption of essential services will cost Ukraine’s economy.

Ukraine’s Ministry of Justice announced on Monday that they have already begun the recovery process and assured that all information will be restored, as the government has backups. The pro-Russian hacker group XakNet, which previously claimed responsibility for the attack, said they deleted both the primary databases and backup copies stored on servers in Poland.

Local state officials have revealed little about the attack and declined to comment to Recorded Future News due to the “sensitivity of the issue.”

According to Oleksandr Fedienko, head of the cybersecurity subcommittee in Ukraine’s parliament, the hackers may have gained access to the system through phishing emails or by bribing an employee with access to the registers. Ukrainian cyber agencies involved in the investigation have not publicly commented on the initial access vector used by the attackers.

Ukraine’s state security service (SBU) said last week that they suspect Russian hackers linked to the country’s military intelligence service (GRU) are behind the attack. Among the threat actors with suspected ties to the GRU is Sandworm, a group responsible for major cyberattacks targeting Ukraine, including the 2023 hack of Ukraine’s largest telecom operator, Kyivstar.

According to Fedienko, the attack on the state registers was “expertly planned” and could only have been executed “with substantial systematic organization.”

Volodymyr Karastelov, the acting head of the SBU’s cybersecurity department, said that the hackers likely spent several months preparing the attack on the registers.