We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


A Ukraine border control station has been struck with a data wiper cyberattack that has slowed the process of allowing refugees to cross into Romania, a cybersecurity expert who spoke with Ukrainian agents at the border crossing told VentureBeat.

Refugees fleeing Ukraine after Russia’s invasion of the country have faced long waits at the border, sometimes for as long as days. At least part of the reason appears to be the impact of another major wiper attack, according to the cybersecurity expert, Chris Kubecka, who spoke with VentureBeat on Sunday.

“People are stuck because Ukraine cannot process anything except on pencil and paper,” said Kubecka, who was able to cross into Romania on Saturday on a bus with about two dozen people fleeing Ukraine.

The wiper attack at a Ukraine border control station was first reported by the Washington Post.

Kubecka said she believes the wiper attack occurred early on Saturday morning, shortly after 6 a.m. Ukraine time. She says she inquired into the reason for the long delays, and found out that a cyberattack had occurred.

Given her background in cybersecurity, she was able to speak with Ukrainian agents at the border station about what had happened. They told her that it “seems to be the same exact wiper virus that had hit some of the ministries,” Kubecka said.

Last Wednesday, data-wiping malware was deployed against the Ukrainian defense ministry as well as financial, aviation and IT services companies in Ukraine just ahead of Russia’s invasion of the country. The wiper has been referred to as “HermeticWiper” by researchers.

The wiper attack that hit the border crossing on Saturday affected the Ukraine-Romania border crossing at Siret, said Kubecka, who documented her journey in a series of tweets. The destructive cyberattack appears to have only impacted the Ukrainian border control, and not the Romanian station, she said.

It was not clear if the border crossing has been able to get its computer systems back online. VentureBeat has reached out to the State Border Guard Service of Ukraine and the Security Service of Ukraine.

More than 368,000 people have fled Ukraine since Russia’s unprovoked invasion of the country last Thursday, according to the United Nations.

Ukraine has needed to closely verify those leaving the country because of the requirement that males ages 18 to 60 remain in Ukraine. However, at least at the Siret border crossing, that was proving to be a major challenge on Saturday, Kubecka said. “‘We got hit with the wiper virus, we can’t process anything,'” she was told by the authorities at the crossing.

Kubecka said she is trying to obtain a sample of the wiper malware to give it to parties such as the European Union and CERT-EU (the Computer Emergency Response Team for the EU). “I’m still waiting for arrangements to be made to hand carry it from the border, if I can,” she said.

Kubecka, a U.S. native and Air Force veteran now residing in The Netherlands, was in Ukraine because of her background and expertise in the area of cyberwarfare. Her resume has included helping to restore systems for Saudi Aramco after a massive cyberattack in 2012, and she is now the founder and CEO of cyber consulting firm HypaSec.

Kubecka says she spent about 28 hours waiting to cross into Romania before being allowed through. “We slept in the bus,” she said.

While some in academia may be saying that “‘cyberwar has not happened yet — it’s only a cyber crisis,’ that’s BS. It’s happening right now,” Kubecka said. “They’re halting and slowing down the evacuation of so many people.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author
Topics