Russian hackers who attacked Ukraine’s State Railways Company, Ukrzaliznytsia (UZ) aimed to disrupt train schedules and destabilize control systems, Ukrzaliznytsia spokesperson Oleksandr Shevchenko told Kyiv Post.
Another aim of the cyberattack was accessing the customer database, Shevchenko said.
JOIN US ON TELEGRAM
Follow our coverage of the war on the @Kyivpost_official.
“They also didn’t manage to extract the customer database. But they did mess it up quite a bit,” he told Kyiv Post via text.“It was undoubtedly the work of Russian hackers – there’s a clear Russian trace.”
On Sunday, March 23, hackers compromised UZ’s IT systems, blocking online ticket sales and cargo registration. The systems were still not functioning Wednesday evening at the time of publication.
“The goal was clearly to disrupt the timing of train operations and reduce the system’s controllability. They failed in that regard because the trains continue to run on schedule, and we have a clear understanding of how to manage them in the current conditions,” Shevchenko said..
The scale of the cyberattack
“We can now officially confirm that Ukrzaliznytsia’s servers and IT resources have been subjected to an unprecedented cyberattack – targeted, complex, and multi-layered,” Chairman of the Board Oleksandr Pertsovskyi wrote in his Facebook post.
Shevcheko, stated that the incident was a “record-breaking cyberattack” in his Facebook post.
Syrsky: Russian Maps Show False Advances to Please Top Command
However, the cyber attack didn’t manage to disrupt train traffic, UZ wrote, as passengers could still buy tickets at ticket counters, and cargo traffic was switched to paper-based documentation.
Ukrzaliznytsia, which served 23 million passengers in 2023, has been working to restore its IT systems alongside specialists from the Cyber Department of the Security Service of Ukraine (SSU).
Dealing with the problem
On Monday, the day after the hack, UZ added staff and extended working hours at ticket counters to handle the increase in offline tickets sales, Pertsovskyi wrote.
The company deployed a backup infrastructure “in a secure environment, with all components prepared for a direct restart from backups of critical systems,” UZ wrote in a Facebook post on Tuesday.
“A thorough diagnosis of the backups is underway, along with the identification of any potentially harmful elements. Complex connections between various systems are being restored,” the company wrote.
Apart from the SSU Cyber Department, UZ is getting assistance from the Computer Emergency Response Team of Ukraine (CERT-UA), which is a specialized unit under the State Center for Cyber Defense.
In addition, the IT team at Kyivstar – Ukraine’s largest mobile operator – is assisting.
Kyivstar’s own systems were compromised by a major cyberattack in December 2023 – resulting in some 24.3 million subscribers losing their phone and internet service, while shops throughout the country were unable to process credit payments.
UZ wrote on Wednesday that online sales will resume “soon.” Meanwhile, the company has introduced compensation for customers who’ve had to wait in lines to buy their train tickets. Customers can now:
- Wait in the premium lounge for free by showing the paper ticket they bought during the period of the cyber attack
- Free tea on the train
- Additional benefits for passengers will be announced when UZ’s IT systems resume working normally.
You can also highlight the text and press Ctrl + Enter

