Cyberattack Hits Railway Services

A massive cyberattack hit Ukraine’s state railway operator Ukrzaliznytsia on March 23, 2025, crippling online ticket sales and forcing passengers to queue at physical ticket offices. The attack, described as “systemic, non-trivial, and multi-level,” targeted the company’s digital infrastructure but miraculously spared actual train operations. Thank goodness for small mercies.

Ukrzaliznytsia officials vaguely blamed “the enemy” for the attack; no prizes for guessing they meant Russia. The attack’s sophistication suggests state-backed hackers, not some bored teenagers in a basement. The company implemented backup protocols immediately, something they’ve gotten pretty good at after years of digital harassment. This incident bears striking similarities to the 2016 attack on Ukrzaliznytsia’s ticketing system, carried out by the Sandworm group, which is linked to Russian intelligence.

State-backed digital fingerprints all over this one—Russia’s hackers getting bolder with each attack on Ukrainian infrastructure.

Passengers felt the brunt of the disruption. Long lines formed at Kyiv’s central station as travelers scrambled to purchase tickets the old-fashioned way. The railway deployed extra staff and extended hours at ticket offices. Got an imminent departure? You’re in luck—they’re giving priority service for March 24-25 travelers. Everyone else? Grab a coffee and settle in for a wait.

The Security Service of Ukraine (SBU) joined railway specialists to investigate the breach. They’re meticulously testing systems for vulnerabilities before bringing them back online. No shortcuts here. Cyber warfare has been a common tactic in the ongoing conflict between Russia and Ukraine. The adoption of zero trust architecture could help prevent similar attacks by treating all users and access requests as potentially hostile. Online ticket returns are still possible, provided your train isn’t leaving within the hour. Small comfort, but better than nothing.

This isn’t the railway’s first cybersecurity rodeo. The sector has faced increasing attacks globally—from France’s SNCF data breach affecting 14 million passengers in 2016 to Germany’s Deutsche Bahn signaling disruption in 2017. Even Amtrak in the US got hit in 2018, with hackers demanding ransom.

The incident highlights the growing sophistication of attacks on critical infrastructure. Railways worldwide are rushing to implement network segmentation, stronger authentication, and continuous monitoring. It’s a constant game of digital cat-and-mouse—with passengers caught in the middle.

For now, Ukraine’s trains keep rolling. Cyberattacks be damned.
