A document compiled by the state-run Ukrainian Computer Emergency Response Team (CERT-UA) describes “at least two successful attack attempts,” one of which began on March 19, just days after Ukraine synchronized with Europe’s power grid in a bid to end its dependence on Russia.
Following the publication, Viktor Zhora, deputy head of Ukraine’s State Service of Special Communications and Information Protection, told Wired that the private report was “preliminary” and called it a “mistake”.
Whether or not they succeeded, the cyberattacks on the Ukrainian power grid represent a dangerous continuation of Russian aggression against Ukraine by the hacker group known as Sandworm, which the United States has identified as Russian military intelligence unit 74455.
Hackers allegedly working for Russian intelligence have previously disrupted Ukraine’s power grid in both 2015 and 2016. While the 2015 attack was mostly manual, the 2016 incident was an automated attack using malware known as Industroyer. The malware that investigators found in the 2022 attack has been dubbed Industroyer2 because of its similarity to that earlier tool.
“We are dealing with an adversary who has been procrastinating us in cyberspace for eight years,” Zhora told reporters on Tuesday. “The fact that we were able to prevent this shows that we are stronger and better prepared [than last time].”
ESET analysts examined the Industroyer2 code to compare its capabilities and goals with those of the original Industroyer. Where the 2016 malware carried modules for several industrial protocols, Industroyer2 speaks only IEC 60870-5-104 (IEC-104), the protocol used to send switching commands to substation equipment. The hackers tried not only to cut off the electricity, but also to destroy the computers that Ukrainians use to manage the grid: the Industroyer2 sample was deployed alongside wiper malware for Windows, Linux and Solaris hosts. This would have made it impossible to quickly restore the power supply from the power company’s own computers.
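The article describes Industroyer2’s goal (issuing switching commands over IEC-104) without showing what such traffic looks like or how a defender would spot it. The following is an added example, not code from the article, ESET or CERT-UA: a minimal IEC-104 decoder that pulls single (type 45) and double (type 46) control commands out of a TCP payload and raises alerts when a command comes from a host that is not a known SCADA master, or when one host issues a burst of execute-OFF commands. The IP addresses, IOAs, the allowed-master list and the frames themselves are constructed sample data; the burst threshold is an arbitrary assumption. The protocol fact it relies on, that Industroyer2 implements only IEC-104, comes from ESET’s public analysis.

```python
"""Toy IEC 60870-5-104 control-command detector (added illustration).

Frame layout (IEC-104 APDU):
  0x68 | LEN | 4 control octets | ASDU
ASDU: TypeID | VSQ | COT (2 octets) | Common address (2, LE) | objects...
Each control object: IOA (3 octets, LE) + 1 qualifier octet.
Hosts, IOAs and frames below are constructed sample data, not a capture.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

C_SC_NA_1 = 45          # single command (ON/OFF)
C_DC_NA_1 = 46          # double command (ON/OFF with explicit encoding)
CONTROL_TYPES = {C_SC_NA_1, C_DC_NA_1}
COT_ACTIVATION = 6      # cause of transmission: activation (an actual request)


@dataclass
class Command:
    src: str
    type_id: int
    cot: int
    common_addr: int
    ioa: int
    value: str          # "ON", "OFF" or "INVALID"
    select: bool        # select (arm) step vs. execute step


def split_apdus(raw: bytes) -> List[Tuple[bytes, bytes]]:
    """Split a TCP payload into (control_field, asdu) pairs for I-format frames.
    S- and U-format frames (bit 0 of the first control octet set) carry no ASDU."""
    out, i = [], 0
    while i + 2 <= len(raw):
        if raw[i] != 0x68:
            raise ValueError(f"bad start byte at offset {i}")
        length = raw[i + 1]
        apdu = raw[i + 2:i + 2 + length]
        if len(apdu) != length or length < 4:
            raise ValueError("truncated APDU")
        ctrl, asdu = apdu[:4], apdu[4:]
        if ctrl[0] & 0x01 == 0:
            out.append((ctrl, asdu))
        i += 2 + length
    return out


def parse_commands(src: str, asdu: bytes) -> List[Command]:
    """Decode control commands from one ASDU; other types yield nothing."""
    if len(asdu) < 6 or asdu[0] not in CONTROL_TYPES:
        return []
    type_id, n, cot = asdu[0], asdu[1] & 0x7F, asdu[2] & 0x3F
    common_addr = struct.unpack_from("<H", asdu, 4)[0]
    cmds, off = [], 6
    for _ in range(n):
        ioa = int.from_bytes(asdu[off:off + 3], "little")
        q = asdu[off + 3]
        off += 4
        if type_id == C_SC_NA_1:
            value = "ON" if q & 0x01 else "OFF"
        else:                                   # DCS: 1 = OFF, 2 = ON
            value = {1: "OFF", 2: "ON"}.get(q & 0x03, "INVALID")
        cmds.append(Command(src, type_id, cot, common_addr, ioa, value, bool(q & 0x80)))
    return cmds


def detect(frames: List[Tuple[str, bytes]], allowed_masters: Set[str],
           off_burst_threshold: int = 3) -> List[str]:
    """Alert on control commands from unknown hosts and on bursts of execute-OFF.
    frames: (source_ip, tcp_payload) pairs in capture order."""
    alerts: List[str] = []
    off_count: Dict[str, int] = {}
    for src, payload in frames:
        for _ctrl, asdu in split_apdus(payload):
            for cmd in parse_commands(src, asdu):
                if src not in allowed_masters:
                    alerts.append(f"control command from non-master {src}: "
                                  f"type {cmd.type_id} IOA {cmd.ioa} {cmd.value}")
                if cmd.value == "OFF" and not cmd.select and cmd.cot == COT_ACTIVATION:
                    off_count[src] = off_count.get(src, 0) + 1
    for src, n in off_count.items():
        if n >= off_burst_threshold:
            alerts.append(f"{src} issued {n} execute-OFF commands")
    return alerts


def build_single_command(ioa: int, on: bool, select: bool = False,
                         common_addr: int = 1) -> bytes:
    """Construct one I-format frame carrying a C_SC_NA_1 activation (sample data)."""
    ctrl = struct.pack("<HH", 0, 0)             # send/receive sequence numbers 0
    sco = (0x80 if select else 0) | (1 if on else 0)
    asdu = (bytes([C_SC_NA_1, 0x01, COT_ACTIVATION, 0x00])
            + struct.pack("<H", common_addr) + ioa.to_bytes(3, "little") + bytes([sco]))
    apdu = ctrl + asdu
    return bytes([0x68, len(apdu)]) + apdu


# Constructed sample traffic: one legitimate master and one rogue host
ALLOWED_MASTERS = {"10.10.1.5"}
SAMPLE_FRAMES = [
    ("10.10.1.5", build_single_command(1000, on=True)),
    ("10.10.1.5", build_single_command(1001, on=False, select=True)),   # select only
    ("10.10.9.77", b"".join(build_single_command(i, on=False) for i in (1000, 1001, 1002, 1003))),
]


def run_sample() -> List[str]:
    return detect(SAMPLE_FRAMES, ALLOWED_MASTERS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

In a real deployment the allowed-master set and the valid IOA list would be taken from the SCADA master’s configuration, and the detector would read from a span port or a pcap rather than from constructed frames; the point is that an IEC-104 OFF command is unauthenticated on the wire, so the source host and the command rate are the only signals a network monitor has.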
In the previous cyberattacks, Ukrainian operators could regain control within a few hours by falling back to manual operation, but the war has made that far harder. It is not easy to send a crew to a substation when enemy tanks and soldiers may be nearby and the control computers have been wiped.
“When they are openly waging war against our country, destroying Ukrainian hospitals and schools, there is no point in hiding,” Zhora said. “If you fired missiles at Ukrainian houses, then you don’t need to hide.”
Given Moscow’s track record of aggressive cyberattacks against Ukraine and the rest of the world, experts expected Russian hackers to emerge and wreak havoc. United States officials spent months warning that Russia could escalate in cyberspace as it fought a ground war in Ukraine.
During the war, Ukraine and the US have accused Russian hackers of using multiple wipers; financial and government systems suffered. Kyiv has also been the target of denial-of-service attacks that rendered government websites unreachable at key moments.
However, the Industroyer2 attack is the most serious known cyberattack of the war. Ukrainian cybersecurity officials are working with Microsoft and ESET to investigate and respond.
This is one of the few widely publicized incidents in which government-backed hackers have attacked industrial control systems.
The first was discovered in 2010, when it was revealed that the malware known as Stuxnet had been created, reportedly by the United States and Israel, to sabotage Iran’s nuclear program. Russian-backed hackers have also reportedly launched several such campaigns against industrial facilities in Ukraine, the United States and Saudi Arabia.
This article has been updated to note that a Ukrainian official called an earlier CERT-UA report “preliminary” and a “mistake”.