The national railway operator of Ukraine, Ukrzaliznytsia, has experienced severe interruptions nationwide as a result of a sophisticated hack that has damaged its online systems, forcing customers to buy tickets in person.
The railway company confirmed on March 24, 2025, that its digital infrastructure was the target of what officials described as a “large-scale, systematic, non-trivial and multi-level” attack, believed to be orchestrated by Russia.
The attack, which began on March 23, has rendered both the company’s website and mobile application inoperable, making online ticket purchases impossible.
.png
)
Despite the digital disruption, train operations have continued without delays due to previously implemented backup protocols.
“The key objective of the enemy failed: train traffic remains stable, running on schedule without delays, and all operational processes have been switched to backup mode,” Ukrzaliznytsia stated in an official announcement on Telegram.
This incident represents the latest in a series of cyber warfare tactics employed during the ongoing conflict.
The company’s IT security team is currently working in collaboration with the Cyber Department of the Security Service of Ukraine (SBU) and the Government Computer Emergency Response Team (CERT-UA) to mitigate the attack and restore compromised systems.
Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks
Technical security experts suggest the attack may have involved advanced persistent threat (APT) techniques, potentially utilizing command and control (C2) beaconing methods that allow malware-infected systems to communicate with controlling servers.
Given the complexity described by officials, the attack could have employed multiple vectors including distributed denial of service (DDoS), malware obfuscation, or potentially even DNS tunneling to create covert command channels.
With Ukrainian airspace closed since Russia’s 2022 invasion, the railway system has become the country’s critical transportation lifeline, carrying approximately 20 million passengers and 148 million tonnes of freight in 2024.
This makes Ukrzaliznytsia a high-value target for disruption operations.
Ukraine Rail’s Response to Cyberattack
To manage the situation, the railway has significantly increased staffing at physical ticket offices and extended operating hours.
Military personnel have been granted special accommodation to purchase tickets directly onboard trains.
“We apologize for the inconvenience and are strengthening morning shifts of ticket offices at the stations with additional employees — you are always welcome to purchase tickets for international routes there,” Ukrainian railways shared on X.
Passengers who have already purchased tickets online but cannot access them digitally are advised to use PDF copies sent to their email addresses or to arrive at the station 20 minutes before departure to explain their situation to station officials.
The railway company has not provided a specific timeline for service restoration but assured passengers that a comprehensive security review is underway to prevent further vulnerabilities.
Online services are expected to remain offline at least until March 25, with a phased recovery approach to follow after security testing is completed.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
