Ukraine said on Tuesday it had foiled an attempt by Russian hackers to damage its electricity grid through a cyber attack last week.
“It’s a military hacking group,” said Victor Zhora, a government spokesman. “Their goal was to disable a number of facilities, including power substations.”
“They did not succeed, and we are investigating.”
Kyiv blamed the attack on a group that researchers call “Sandworm”, and has previously blamed Russia for cyber attacks. Zhora said the attack was probably carried out in support of Russia’s military operations in eastern Ukraine.
Russian officials could not be reached for comment Tuesday. Moscow has consistently denied carrying out cyber attacks on Ukraine.
Ukraine’s Computer Emergency Response Team (CERT-UA) said in a statement that the hackers targeted computers controlling Ukraine’s high-voltage substations, which belong to a power company that CERT-UA did not identify.
The hackers struck in two waves, it said: the first compromised the power network after February, and the second came before the attack, which included plans to shut down the substation and damage infrastructure last Friday evening. Ukraine was able to repel the attack and no damage was done to the grid.
Slovakian cybersecurity firm ESET, which says it worked with Ukraine to thwart the attack, described the malware as an upgraded version of a program that led to the 2016 Kyiv power blackout.
One piece of malware was designed to take over the power supplier’s computer networks “to cut off power”, while another program was set up to delete data to slow down efforts to bring power back online.
“Sandworm is a top predator, capable of conducting serious operations, but they are not wrong,” said John Hultquist of the US cybersecurity firm Mandiant.
“It is becoming increasingly clear that one of the reasons for the moderation of attacks in Ukraine is that the defenders there are very aggressive and very good at dealing with Russian actors.”
Thomson Reuters 2022