On March 23, 2025, the state-owned company Ukrzaliznytsia became the victim of the largest cyberattack in the history of Ukraine: the IT infrastructure was destroyed, all online services were paralyzed, and sensitive information was at risk of leakage. The event exposed critical problems in the country’s cyber defense system, which had been neglected for years.
The attack was multi-stage and highly precise — it was not an ordinary hack. It covered all key infrastructure nodes.
• Ukrzaliznytsia’s online services remain unavailable for more than 24 hours — tickets can only be purchased offline.
• Experts — including **Mykyta Knysh**, **Konstantyn Korsun**, and **Olexandr Fedienko** — accused the state of lacking a preventive cyber policy.
• They highlighted the lack of transparency, coordination and accountability – from both government and commercial structures.
This attack is not an isolated one. During 2022–2024, Kyivstar, Naftogaz, the Ministry of Justice, the State Security Service of Ukraine, Diia, a number of state registries and banks were hacked. The aggressor – Russia – uses sophisticated tactics and well-financed hacker groups. At the same time, the Ukrainian response remains spotty: without long-term reforms and without a unified cyber strategy at the national level.
The attack on Ukrzaliznytsia is not an incident, but another bell in a long line of failures. Cybersecurity in Ukraine remains **underfunded**, **fragmented**, **dependent on the political situation**. Without strategic vision, independent governance, and ongoing investment in human capital, the threat of even worse scenarios repeating itself only grows.
113 
115 
111 