Moscow Metro Disrupted After Attack On Ukrainian Railways

The Moscow Metro website and mobile application experienced disruptions on March 31, 2023. The Moscow subway app users reported various malfunctions, including issues loading personal accounts and difficulties in accessing key features like ticket purchasing and account management. The metro website, which is an essential tool for navigating the city’s vast metro system, became unavailable on the same day, displaying a peculiar message that hinted at an alleged cyberattack. 

The message, which was a technical failure banner, mimicked a similar notification that had appeared on the Ukrainian Railways website a few days prior.

Ukrainian Railways, known locally as Ukrzaliznytsia, had fallen victim to a large-scale cyberattack on March 23, 2023. As a result, its website and mobile application were rendered inoperable, preventing travelers from purchasing tickets online. The state-owned railway company attributed the attack to “the enemy” but did not provide further details on the perpetrators. 

The Moscow Metro and Ukrainian Railways Incident 

The disruption of the Moscow Metro’s digital services comes amid a broader wave of cyberattacks targeting transportation infrastructure in the region. On March 31, Russian users flocked to the crash detection service Downdetector.su to report issues with both the app and its website, mosmetro.ru. Affected users complained about an inability to access personal accounts, problems with payment sections, and complete failures in app functionality. The crash detection service noted that up to 40,000 users had reported issues on that day alone, reported The Kyiv Independent.

Interestingly, the website displayed a banner featuring a message in Ukrainian, along with a reference to Ukrainian Railways. This sparked widespread speculation that the Moscow Metro’s website had been compromised in a manner similar to the earlier attack on Ukrzaliznytsia. While Russian authorities have not confirmed this, experts suspect that hackers could be behind the disruption, particularly since the Ukrainian Railways site had suffered a similar breach just days earlier.

Moscow Metro’s Response to the Outage 

The Moscow transport department quickly issued a statement via their official Telegram channel, acknowledging the technical difficulties and reassuring passengers that steps were being taken to resolve the issues. According to the department, the outages were due to “technical maintenance,” and users were advised to expect temporary problems when accessing personal accounts in the app. Despite the app’s malfunctions, passengers could still replenish their “Troika” transport cards at physical ticket offices and terminals throughout metro stations. 

Roskomnadzor, Russia’s federal service for surveillance of communications, also acknowledged the increase in reports about Moscow Metro’s technical issues. However, the agency refrained from commenting on the specific causes of the disruptions, which continue to be a source of concern for commuters. 

The Moscow Metro’s website was temporarily down for most of the day, but the disruption raised more questions than answers. For instance, one of the key complaints from Russian users was the difficulty in paying for tickets via the metro’s payment system, as the payment section did not load properly on the app. Many users also noted that the app would not load entirely, leaving them unable to access their accounts or purchase tickets. 

Conclusion  

The recent cyberattack on Ukrainian Railways (Ukrzaliznytsia) and the subsequent disruptions to the Moscow Metro app and website highlight the growing vulnerability of critical infrastructure to digital threats.  

While Ukrzaliznytsia has partially restored its online ticketing services after an intense recovery effort, the incident highlighted the challenges of securing essential systems against such attacks.

The simultaneous issues faced by the metro suggest a potential connection, raising concerns about the broader implications for cybersecurity in politically sensitive regions. 

Related

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.