On 24th March 2025, a powerful cyberattack disrupted the online ticket booking system in the state railway services of Ukraine. People have to wait in long queues at the stations across the nation. However, no trains were halted although, the Ukraine officials suspected Russia’s involvement in the attempt to destabilise the country.
The cyberattack and its impact
It was Monday, 24th March 2025, the state railway service of Ukraine, Ukrzaliznytsia, became a victim of the sophisticated and highly disruptive cyberattack. The railway service detected the cyberattack on Sunday and immediately informed the customers that they were facing a problem with their IT system. They instruct their passengers that rather than booking tickets online, they need to purchase tickets in person or abroad trains.
We apologize for the inconvenience and are strengthening morning shifts of ticket offices at the stations with additional employees — you are always welcome to purchase tickets for international routes there.
— Ukrainian railways || Укрзалізниця (@Ukrzaliznytsia) March 23, 2025
❗️Due to an IT failure, online services are temporarily not working.
A long queue was generated in Kyiv’s central train station on Monday morning. People were ready to wait in long lines to buy tickets. Adding to the chaos, the booking offices of the train stations said that the tickets are only available for the journeys until Tuesday. This sudden shift to manual ticketing created tensions among the civilians.
“The latest attack was very systemic, unusual and multi-level,” said the rail company Ukrzaliznytsia on the Telegram app. The railway operations were not affected, just the online booking system was not available for 24 hours. A backing system has already been employed by the company, which helped them to swiftly respond to the tragic event and maintain uninterrupted train services.
Ukrzaliznytsia’s board chairman, Oleksandr Pertsovskyi, said that “operational traffic did not stop for a single moment. The enemy attack was aimed at stopping trains, but we quickly switched to backup systems.”
However, Kyiv’s officials said that the “enemy” has been attacking to orchestrate to destabilise the country. By “enemy” they refer to Russia, when senior Ukrainian security officials, anonymously described the incident as a planned attempt cyberattack so that psychological pressure can be created on the civilians.
The senior government officials said, “It was some hacker group. We think that they are Russians. It is a strong strike but not critical,” the government source said, also saying that it looked aimed at “destabilisation.” However, any kind of definitive evidence has not been found that can prove Russia’s involvement in the cyberattack.
Cyber warfare in the Russia-Ukraine conflict
The Russia-Ukraine war set a testing ground for cyber warfare. Since the full-scale invasion of Russia in Ukraine, both states have engaged in battlegrounds not only physically but also in cyberspace, by understanding the growing role of cyberattacks. Since the 2022 invasion, Ukraine has faced numerous destructive cyberattacks that target the civilians, infrastructure and information systems of the country.
The CyberPeace Institute has documented that 1,998 cyber incidents have been recorded by 31st May 2023 and around 98 actors across 23 critical infrastructure sectors. It impacted Ukraine, Russia and other 49 countries. Christian-Marc Liflander from NATO has mentioned that cyberattacks happen mostly during peacetime and wartime.
The Russian Federation has adopted destructive and destabilising tactics to disrupt Ukraine through cyberattacks. Russia’s strategy of cyber warfare is a part of the broader warfare model which is a combined form of conventional military operations and cyber operations to weaken the resilience of Ukraine.
For example, just hours before the invasion on February 23, 2022, Russia employed malware targeting the computers of Ukraine, which was detected by Microsoft. The main aim of this cyberattack was to erase data, cripple the internet system and sow confusion among Ukrainian authorities. The Viasat Hack is another attack of Russia through a satellite network, where thousands of users’ access to the internet got disrupted, including the Ukraine military command.
Another significant attack of Russia through cyberspace can be highlighted as the energy blackouts issue in DTEK. DTEK is the largest energy company in the UK. A Russia-linked group of hackers infiltrated DTEK’s system to destabilise the technological process and they even forced one of the thermal power points of the company to destabilise, which significantly impacted the energy supply of the Ukraine.
Importance of railway system for Ukraine
Since Russia’s invasion in February 2022, the Ukrzaliznytsia, the state-owned rail company of Ukraine is the backbone of the economic system. In an interview, Oleksandr Pertsovsky, recalls that “at the time when everything stopped, when the airlines halted flights to Ukraine, Ukrainian Railways remained the key lifeline, not just for passenger movement, but also for cargo and our economy.”
Not only this, for millions of Ukrainians, the trains are the primary source for domestic and international travel. Through the rail system, essential goods like medical supplies, agriculture exports and humanitarian aid, have been supplied, which is a vital part of sustaining Ukraine’s economy.
During the wartime, the railway system was the backbone of the country. Essential weapons, ammunition and equipment were served to the Ukraine military through these services. Around 20 million passengers and 148 million tonnes of freight were transported by railway alone in 2023.
Henceforth, targeting the central system of the country, can be the most effective way for an adversary to destabilise the civilian’s life and military operations. However, as the infrastructure of Ukrzaliznytsia has been frequently attacked by Russian drones and missiles, the company doubled the number of tickets as well as staff in many stations, including Kyiv.
Our system is still under a massive cyberattack of the enemy. Nevertheless, our trains are running in accordance with the schedule. Our ticket offices are prioritizing passengers who are willing to either depart or arrive in the next few days. We will keep you posted 💪
— Ukrainian railways || Укрзалізниця (@Ukrzaliznytsia) March 24, 2025
Steps adopted by the railway system
On Sunday, the passengers were already informed about the attacks through the Telegram app and social media platforms like X (previously known as Twitter). A contingency measure has been obtained by the Ukrzaliznytsia to address certain situations due to cyberattacks. Staff and more booking windows have been increased in several stations, but still long queue was formed.
However, to further address the situation, Ukrzaliznytsia requested the passengers not to panic and travel to the next data so that the crowd could be managed. The passengers who booked online tickets and are not able to access them are requested to show a PDF sent to their mail, to the train stations before the 20 minutes of departure of the trains.
