Cyber-attack on Kiev airport prompts security review

Malware was found in the airport’s IT infrastructure, which included air traffic control, that was similar to the software used to attack Ukrainian power plants in December.

A six-hour power outage that hit Ukraine on 23 December was also blamed on a complex cyber-attack involving an injection of detection-preventing malware that emanated from Russia.

A US cyber intelligence firm recently traced the attack back to a Moscow-backed group known as Sandworm.

Although there has been no overt suggestion that the Russian government was directly responsible for the attack on Boryspil airport, it comes at a time of badly strained political relations between Ukraine and Russia.

"In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry," said Irina Kustovska, a spokeswoman for Ukraine's infrastructure ministry, which oversees airports, railways and ports.

The malware in the airport's system was detected early on and no long-term damage was incurred from the attack.

An airport spokeswoman said that the authorities were investigating whether the malware was connected to a malicious software platform known as ‘BlackEnergy’, which has been linked to the other attacks on the energy sector.

The country’s state-run Computer Emergency Response Team (CERT-UA) has issued a warning regarding the threat of more attacks.

"Attention to all system administrators ... We recommend a check of log-files and information traffic," it said in a statement.

Although Ukraine's state security service has blamed Russia, the energy ministry said it would hold off on attribution until after it completes a formal probe.

The country has been suffering from regular Russian attacks on its IT systems for some time. In early 2014, its telecommunications system was severely compromised by a denial of service (DoS) attack.