Company Details
jsc-ukrainian-railway
1,189
7,722
482
uz.gov.ua
0
JSC_3002913
In-progress

JSC "Ukrainian Railways" Company CyberSecurity Posture
JSC “Ukrainian Railways” is a national carrier of cargo and passengers. Ukrainian Railways is one of the largest employers (more than 190 thousand employees) and taxpayers in Ukraine, and has its representative offices abroad.
Between 700 and 749

J"R Global Score (TPRM)XXXX

Description: Ukrzaliznytsia, Ukraine's national railway operator, faced a systematic, complex, and multi-layered cyberattack that disrupted its online ticket purchasing services and mobile application. Despite the cyber onslaught, train schedules were unaffected. The railway, crucial for transporting civilians, soldiers, aid, and goods, has intensified its ticketing staff to manage the increased manual demand. Cybersecurity agencies are investigating, with prior attacks linked to Russian state actors.


JSC "Ukrainian Railways" has 66.67% more incidents than the average of same-industry companies with at least one recorded incident.
JSC "Ukrainian Railways" has 29.87% more incidents than the average of all companies with at least one recorded incident.
JSC "Ukrainian Railways" reported 1 incident this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
J"R cyber incidents detection timeline including parent company and subsidiaries



JSC 'Ukrainian Railways' has opened the selection process for candidates for the position of CEO.

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of JSC "Ukrainian Railways" is http://www.uz.gov.ua.
According to Rankiteo, JSC "Ukrainian Railways"’s AI-generated cybersecurity score is 744, reflecting their Moderate security posture.
According to Rankiteo, JSC "Ukrainian Railways" currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, JSC "Ukrainian Railways" is not certified under SOC 2 Type 1.
According to Rankiteo, JSC "Ukrainian Railways" does not hold a SOC 2 Type 2 certification.
According to Rankiteo, JSC "Ukrainian Railways" is not listed as GDPR compliant.
According to Rankiteo, JSC "Ukrainian Railways" does not currently maintain PCI DSS compliance.
According to Rankiteo, JSC "Ukrainian Railways" is not compliant with HIPAA regulations.
According to Rankiteo, JSC "Ukrainian Railways" is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
JSC "Ukrainian Railways" operates primarily in the Rail Transportation industry.
JSC "Ukrainian Railways" employs approximately 1,189 people worldwide.
JSC "Ukrainian Railways" presently has no subsidiaries across any sectors.
JSC "Ukrainian Railways"’s official LinkedIn profile has approximately 7,722 followers.
JSC "Ukrainian Railways" is classified under the NAICS code 482, which corresponds to Rail Transportation.
Yes, JSC "Ukrainian Railways" has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/ukrzaliznytsia.
Yes, JSC "Ukrainian Railways" maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/jsc-ukrainian-railway.
As of December 12, 2025, Rankiteo reports that JSC "Ukrainian Railways" has experienced 1 cybersecurity incident.
JSC "Ukrainian Railways" has an estimated 227 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Title: Cyberattack on Ukrzaliznytsia
Type: Cyberattack
Attack Vector: Online ticket purchasing services, Mobile application
Threat Actor: Russian state actors
Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

Systems Affected: Online ticket purchasing services, Mobile application
Operational Impact: Disruption of online ticket purchasing services and mobile application

Entity Name: Ukrzaliznytsia
Entity Type: Government-owned enterprise
Industry: Transportation
Location: Ukraine

Investigation Status: Investigating
Last Attacking Group: The attacking group in the last incident was Russian state actors.
Most Significant System Affected: The most significant systems affected in an incident were Online ticket purchasing services, Mobile application.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigating.
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
