White House attributes Ukraine DDoS incidents to Russia’s GRU

Anne Neuberger says the Biden administration has technical details linking the Russian spy agency to disruptions of Ukrainian banking and government websites.
Anne Neuberger, White House
Deputy national security adviser Anne Neuberger, speaks during the daily briefing at the White House on Feb. 18, 2022. (Photo by JIM WATSON/AFP via Getty Images)

Russia was behind recent disruptions of Ukrainian government and banking websites, a top White House official said Friday.

“We have assessed that Russia was responsible for the distributed denial-of-service [DDoS] attacks that occurred earlier this week,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology.

Neuberger said the U.S. has “technical information” that shows digital infrastructure belonging Russia’s main intelligence directorate, the GRU, “transmitting high volumes of communication to Ukraine-based IP addresses and domains.” The British government also attributed the attacks to the GRU on Friday. DDoS incidents involve flooding websites with bogus traffic until they’re unavailable to most users.

Ukrainian officials earlier this week did not attribute the incidents to a specific actor, but suggested Russia was the only country that would conduct such an operation. Around the same time as Tuesday’s DDoS attacks, Ukrainians also received spam text messages falsely claiming that ATMs didn’t work. The incidents came as Russia continued massing thousands of troops near Ukraine. U.S. Secretary of State Antony Blinken said earlier Friday that the U.S. is “deeply concerned” that Russian President Vladimir Putin is turning away from potential diplomatic solutions to the tensions.


Neuberger acknowledged that attribution of cyber-incidents usually takes longer than a few days.

“I will note that the speed with which we made that attribution … is very unusual, and we’ve done so because of a need to call out the behavior quickly as part of holding nations accountable when they conduct disruptive or destabilizing cyber-activity,” Neuberger said.

The U.S. believes Russian operators have already set up in key Ukrainian networks to gather intelligence and preposition for more “disruptive cyber activities,” Neuberger said.

The DDoS incidents were of “limited impact” she said, “because Ukrainian cyberdefenders rapidly brought back the state-owned banks and the Ministry of Defense networks.” The U.S. has provided support to Ukraine as part of the incident response, Neuberger said.

As for cyberthreats potentially affecting the U.S., Neuberger said the Biden administration has been working since November 2021 to help shore up defenses at home, in light of potential Russian aggression against Ukraine. The emphasis is on “maximum preparedness” across government and critical infrastructure industries like water utilities, power companies and transportation networks.


When asked about a potential U.S. response in cyberspace to any attacks on important U.S. targets, Neuberger reiterated Biden’s comments from earlier this week. The president said Tuesday that if “Russia attacks the United States or our allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we’re prepared to respond.”

Russia declared war against Ukraine on Feb. 24., 2022. Before, during and after the military campaign began, the CyberScoop staff has been tracking the cyber dimensions of the conflict.

This story was featured in FedScoop Special Report: War in Ukraine

Latest Podcasts