An attack on Ukraine’s power grid was foiled by cybersecurity analysts and officials, as reported by Reuters. After investigating the methods and software used by the attackers, cybersecurity firm ESET says it was likely carried out by a hacking group called Sandworm, which The Record reports is allegedly associated with the Russian government.
The group planned to shut down computers controlling substations and infrastructure of a particular power company, according to the Computer Emergency Response Team of Ukraine (or CERT-UA). The hackers planned to cut power on April 8 while also wiping the computers that would be used to try to get the network back online.
This attack attempt involved a wide variety of malware, including the recently discovered CaddyWiper, according to ESET. ESET has also found a new piece of malware, which it calls Industroyer2. The original Industroyer was used in a successful cyber attack in 2016 that cut power in parts of Kiev, according to the security company, probably by the same group behind this month’s thwarted attack. Industroyer is not widely used by hackers – ESET notes that it has only been used twice (earlier this month and in 2016), meaning it was written for very specific uses.
CERT-UA says the hackers bided their time and initially compromised the company’s systems before March. ESET’s analysis shows that one of the key pieces of malware was compiled more than two weeks before the attack was due to take place.
It is unclear how the hackers got into the company’s network in the first place or how they gained access to the network that controls industrial equipment, such as the targeted substations. However, the analysis shows that the hackers intended to cover their tracks after the attack.
Ukraine and its infrastructure were targeted by hackers before the Russian invasion began. It’s likely that this won’t be the last attack on the power grid, but the country’s response to this incident shows that its cybersecurity defense strategy is capable of repelling complex attacks.