Russia’s Sandworm Hackers Attempted a Third Blackout in Ukraine


More than half a decade has passed since the notorious Russian hackers known as Sandworm targeted an electrical transmission station north of Kyiv a week before Christmas in 2016, using a unique, automated piece of code to interact directly with the station’s circuit breakers and turn off the lights to a fraction of Ukraine’s capital. That unprecedented specimen of industrial control system malware has never been seen again—until now: In the midst of Russia’s brutal invasion of Ukraine, Sandworm appears to be pulling out its old tricks.

On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia’s GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia’s most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.

ESET and CERT-UA say the malware was planted on target systems within a regional Ukrainian energy firm on Friday. CERT-UA says that the attack was successfully detected in progress and stopped before any actual blackout could be triggered. But an earlier, private advisory from CERT-UA last week, first reported by MIT Technology Review today, stated that power had been temporarily switched off to nine electrical substations.

Both CERT-UA and ESET declined to name the affected utility. But more than 2 million people live in the area it serves, according to Farid Safarov, Ukraine’s deputy minister of energy.

“The hack attempt did not affect the provision of electricity at the power company. It was promptly detected and mitigated,” says Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, known as the State Services for Special Communication and Information Protection (SSSCIP). “But the intended disruption was huge.” Asked about the earlier report that seemed to describe an attack that was at least partially successful, Zhora described it as a “preliminary report” and stood by his and CERT-UA’s most recent public statements.

According to CERT-UA, hackers penetrated the target electric utility in February, or possibly earlier—exactly how isn’t yet clear—but only sought to deploy the new version of Industroyer on Friday. The hackers also deployed multiple forms of “wiper” malware designed to destroy data on computers within the utility, including wiper software that targets Linux and Solaris-based systems, as well as more common Windows wipers, and also a piece of code known as CaddyWiper that had been found inside of Ukrainian banks in recent weeks. CERT-UA claimed Tuesday that it was also able to catch this wiper malware before it could be used. “We were very lucky to be able to respond in a timely manner to this cyberattack,” Zhora told reporters in a press briefing Tuesday.


