Ukraine’s national railway operator, Ukrzaliznytsia, reported on Tuesday that a large-scale cyberattack had also disrupted its online freight operations. The incident, which first surfaced on Sunday, was initially flagged as an IT system failure affecting passenger ticket sales, forcing travelers to purchase tickets in person or directly on trains.

Since the Russian invasion in 2022, rail transport has played a crucial role in moving both domestic and international passengers, as well as facilitating the shipment of weapons, fuel, and essential equipment. The railway network remains a strategic lifeline, making any disruption to its operations a matter of national security.

"In addition to passenger services, our IT specialists and external partners are actively working to restore freight operations," the company stated in a Facebook post. Ukrzaliznytsia confirmed that immediately after the attack, they switched to paper-based documentation to keep services running and notified their customers of the adjustment. Employees across the network have been briefed on the situation and provided with updated protocols.

Two Ukrainian officials, a security officer and a senior government source, both speaking on condition of anonymity, indicated that early assessments suggest Russia was behind the cyberattack. While no formal attribution has been made, Ukraine has faced numerous cyber intrusions since the conflict began, with many targeting critical infrastructure.

To minimize delays, Ukrzaliznytsia has issued clear instructions to commercial freight operators on how to request wagons and dispatch cargo under the temporary conditions. This includes revised procedures for directing shipments toward export ports and the western border, where much of Ukraine’s trade with Europe is conducted.

The attack underscores the ongoing cyber warfare dimension of the Ukraine-Russia conflict, with Kyiv repeatedly accusing Moscow of attempting to destabilize key logistics networks. As authorities work to fully restore freight services, the incident highlights the vulnerability of digital infrastructure in wartime and the pressing need for enhanced cybersecurity measures.