Ukraine’s national railway operator, Ukrzaliznytsia, has suffered widespread disruptions due to a sophisticated cyberattack
that severely impacted its online systems, leaving passengers with no choice but to purchase tickets in person.
On March 24, 2025, the railway company confirmed that its digital infrastructure had been targeted in what officials described as a “large-scale, systematic, multi-layered, and highly complex” attack, allegedly carried out by Russian threat actors. The attack, which began on March 23, effectively shut down both the company’s website and mobile application, making online ticket sales impossible.
Despite the cyber disruption, train operations have not been affected, as Ukrzaliznytsia had implemented backup protocols to ensure continuity.
“The enemy’s primary objective has failed—train services continue to operate as scheduled without delays, and all critical processes have been switched to backup mode,” the railway company stated in an official message on Telegram.
This cyberattack is the latest in a series of digital warfare tactics observed during the ongoing conflict between Ukraine and Russia.
In response, Ukrzaliznytsia’s IT security team is working closely with Ukraine’s Security Service (SBU) Cyber Department and the Government Computer Emergency Response Team (CERT-UA) to counter the attack and restore its compromised systems. Cybersecurity experts believe the hackers may have used advanced persistent threat (APT) tactics, possibly involving command-and-control (C2) beaconing, a technique that allows malware-infected systems to communicate covertly with external servers.
Given the complexity of the intrusion, experts suggest multiple attack vectors may have been employed, including distributed denial-of-service (DDoS) attacks, malware obfuscation, and even DNS tunneling to create hidden command channels. With Ukrainian airspace remaining closed since Russia’s 2022 invasion, the country’s railway system has become a vital transportation network, carrying approximately 20 million passengers and 148 million tonnes of freight in 2024. This makes Ukrzaliznytsia a strategic target for cyber disruption.
Ukraine Rail’s Response to the Cyberattack
To address the crisis, the railway has significantly increased staffing at ticket counters and extended working hours to accommodate passengers.
Special arrangements have been made for military personnel, allowing them to purchase tickets directly onboard trains.
“We apologize for the inconvenience and have reinforced morning shifts at ticket offices with additional staff. You can always buy tickets for international routes at the stations,” Ukrzaliznytsia stated on X (formerly Twitter). Passengers who previously purchased tickets online but cannot retrieve them digitally are advised to use the PDF copies sent to their email or arrive at the station 20 minutes before departure to explain their situation to railway staff.
The railway operator has not specified when online services will be fully restored but assured the public that a thorough security review is underway to prevent future vulnerabilities. Digital ticketing services are expected to remain offline until at least March 25, with a phased recovery plan to follow once security testing is complete.
