A major Ukrainian ISP, operating in the center of the country, suffered a major computer attack on April 13.
This is a graph that once again demonstrates the severity of certain computer attacks targeting Ukraine. In a posted message this Wednesday, April 13, 2022 on Twitter, NetBlocks reports a sharp drop in the connectivity rate of McLaut, a local operator. The services provided by the Internet service provider have just collapsed.
The visual below shows the connectivity rate (100% designates the rate that the ISP provided before the war) which until April 13 was relatively good, thanks among other things to the notable effort of engineers and technicians to keep networks functional. But this rate has plunged far below the 20% mark today, to reach 13% at the time of capture.
NetBlocks, which runs an observatory of Internet freedom, reports that this collapse is caused by a distributed denial of service attack (DDOS), also called collective attack by saturation of service. A few hours earlier, McLaut confirmed on Facebook to be the victim of a DDOS attack on his network.
” Notice to subscribers! Military action continues not only on the territory of Ukraine, but also in the information space. We now have a DDOS attack on our network. The administrators are already working on its resolution. The recovery period will be announced later “, can we read in the message in Ukrainian, on April 13.
McLaut is a major Ukrainian regional operator. It operates in the center of the country, in the Cherkassy region, as shown by the banner at the top of its Facebook page. The region is populated by just over 1.2 million people. He is the largest ISP in Cherkassy, according to NetBlocks. The attack is said to be still ongoing. It is unclear when service will be fully restored.
Regular attacks against Ukrainian operators
A DDOS attack consists in causing a service interruption, by simultaneously sending a large number of requests, thanks to a network of coordinated computers. The service then finds itself saturated and is no longer able to process legitimate requests in the batch. For the Internet user, this gives the impression that the site or service is unavailable. Planted, in short.
DDOS attacks don’t last very long, as a rule, because eventually mitigation tools are deployed to re-route these requests or counter them. This type of cut lasts a few hours most of the time. This is a malicious action, and probably one of the “simplest” to implement among the whole range of possible nuisances.
Since the beginning of the Russian invasion in Ukraine on February 24, cyber incidents have been reported at the level of several local operators: WNET, Uacity, Triolan or at the level of the Ka-Sat satellite, which is operated by Viasat and which serves Ukraine among others (but also France). Other ISPs have experienced incidents resulting from the fights, such as Kyivstar and GigaTrans.
