Ukraine, sophisticated Russian attack on the electricity grid thwarted

Ukraine has announced in the past few hours that it has managed to repel a sophisticated Russian cyber attack targeting its power grid. The goal, Kiev says, was to disable an unspecified number of facilities vital to the operation of the network, including several substations. Zelenskyy government spokesman Victor Zhora says the attack has been attributed to the hacker group Sandworm, which is well known in the cybersecurity world and has been accused in the past of being linked to the Moscow government. Until now, the Kremlin has consistently denied any kind of involvement with Sandworm, and indeed any kind of cyberattack against Ukraine, even since the invasion began.

CERT-UA (the Computer Emergency Response Team of Ukraine, the name of the country's official cyber defense team) says hackers targeted computers controlling the substations of an unspecified energy company. The operation was carried out in two phases: the first, dating back to February, served to infiltrate the computer network, while the second, launched last Friday, aimed to shut down substations and damage other parts of the infrastructure. Investigations are still ongoing, but it seems that the national electricity grid has not suffered significant damage, and that the attack has been completely repelled.

CERT-UA worked with Slovak cybersecurity firm ESET, which says the malware used in this attack is a variant of the one that caused blackouts and outages in Kiev in 2016. The company explains that the software had two main objectives: first, to stop the distribution of electricity; second, to wipe the hard drives of affected computers in order to slow the return to normal operations.

Sandworm is also suspected of being responsible for the worldwide attack on ASUS routers that has been talked about in recent weeks, whose goal was to expand the botnet known as Cyclops Blink. It is a very dangerous group, a "super predator", as defined by the US cybersecurity firm Mandiant; but it is not infallible, it seems.
