Ukrainian Railways Hit by Large-Scale Cyberattack, Operations Remain Stable

• The state-owned railway company in Ukraine confirmed being impacted by a multi-level intrusion.
• While it was only reported as a massive technical failure yesterday, it was revealed to be a cyberattack.
• Ukrzaliznytsia announced on Monday tickets will only be sold offline for a while as IT systems are down.

Ukraine's state-owned railway company, Ukrzaliznytsia, reported on Monday that its online systems were the target of a "systemic, non-trivial, and multi-level" cyberattack. This large-scale attack has caused disruptions to the company's IT infrastructure, though train services remain unaffected.  

The railway company reassured passengers via Telegram that train traffic continues to operate stably and on schedule without delays. However, the online ticketing systems were temporarily suspended, with offline ticket sales implemented as a contingency. 

Restoration efforts have been underway since Sunday when the outage was first detected, a Reuters report said.  

Ukrzaliznytsia described the attack as complex, involving multiple levels of intrusion that have required extensive recovery work over the past 24 hours. The company has advised passengers to purchase tickets directly at stations or onboard trains until the systems are fully restored.  

The incident highlights the critical role played by Ukrzaliznytsia in Ukraine’s transportation network. Following the Russian invasion in 2022 and the subsequent closure of airspace over the country, trains became the primary mode of transportation for both domestic and international travelers.  

According to Ukraine's Deputy Prime Minister, Oleksiy Kuleba, the railway network carried around 20 million passengers and 148 million tonnes of freight last year. The latest disruption signifies a significant challenge to a vital national asset supporting millions of passengers and facilitating freight logistics amid the ongoing conflict.  

While no definitive attribution has been made, the attack underscores growing cyber threats to Ukraine’s critical infrastructure as tensions in the region endure. Given its scale and sophistication, further investigations are likely into the attack's origin and potential threats to other systems.