Cyber attack on Ukraine’s electrical grid launched by Russian spies

Ukraine has recently accused a Russian spy agency of conducting a sophisticated cyber attack with the intention of disabling a portion of its electricity grid. In this attack, Russian cyber criminals developed customized malware designed to disconnect high-voltage substations owned by a Ukrainian power company.

The Computer Emergency Response Team of Ukraine, responsible for defending against foreign hackers, stated that the attackers aimed to decommission key infrastructure components. The plan involved the activation of a malicious software “bomb” scheduled to detonate digitally on Friday. This “bomb” contained a type of malware known as a “wiper,” which erases all files on infected computers.

Although Russia has used similar malware in the past, this attack represents the first instance of its use against critical infrastructure since the February invasion. ESET, a Slovakian cyber security company that assisted Ukraine in detecting and removing the Russian malware, reported the deployment of “several destructive malware families.”

ESET believes that the malware provided the Russians with access to the electricity company’s industrial control systems, which are responsible for managing equipment such as generators and switchgear. These systems are typically heavily protected from outside interference due to the significant consequences of malicious tampering.

The Ukrainian authorities have identified the attackers as Sandworm, a well-known cyber threat group. Sandworm has previously been linked to the Russian GRU spy agency’s Main Centre for Special Technologies, known within Russia as Unit 74455. The Ukrainian CERT stated that the Russians had infiltrated the electricity generation company’s computer networks no later than February 2022, coinciding with Russia’s invasion of Ukraine.

The Russian malware was designed to cause maximum damage by targeting specific parameters of each substation. It is worth noting that Russia has previously honed its hacking techniques against Ukraine’s electricity infrastructure in a series of attacks, including a power outage affecting 80,000 customers in 2015 and a one-hour blackout for one-fifth of Kyiv residents in 2016.

While cyberattacks on electricity grids have a significant impact and attract attention, experts suggest that their long-term consequences are limited.
