Ukrzaliznytsia emphasized that despite the attack, trains continue to run on time. The company credited its pre-established contingency plans and cybersecurity defenses, recognizing that its infrastructure has long been a target. Officials described the cyberattack as “systematic, complex, and multi-layered,” suggesting possible involvement by a state-sponsored group.
Ukrainian cybersecurity authorities, including the SBU and CERT-UA, are now investigating the incident and working to strengthen the operator’s digital defenses. While IT systems remain under pressure from ongoing cyberattacks, there have been no reported delays or cancellations.
In the meantime, the operator has opened additional ticket windows to ease congestion and is urging passengers to use online services only in urgent cases. Travelers are also advised to bring proof of online purchases to the station in case of app issues.
Military personnel are allowed to buy tickets directly from conductors to avoid disruption, while those affected by download errors are asked to arrive early and present confirmation emails.
Although the identity of the attackers remains unknown, Ukraine has repeatedly faced coordinated cyber and physical attacks since Russia’s full-scale invasion began, often involving DDoS campaigns and advanced malware from pro-Kremlin groups.
Source: Cpomagazine
The European Cyber Intelligence Forum is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.