Russian military-linked hackers target Ukrainian power company, investigators say


The cyberattack appears to have been thwarted, and the Ukrainian government’s computer emergency response team said it prevented the attackers from “carrying out [their] malicious intent.” Victor Zhora, a senior Ukrainian cybersecurity official, told CNN that the hacking attempt did not affect the power company’s electricity supply.

Ukrainian officials declined to name the electric utility targeted by the hackers. But Farid Safarov, deputy minister in Ukraine’s energy ministry, told reporters that around 2 million people could have lost power if the cyberattack had succeeded.

The US Cybersecurity and Infrastructure Security Agency was working closely with Ukrainian officials to understand the incident and share any relevant information to protect US infrastructure, CISA Director Jen Easterly tweeted Tuesday.

The hackers responsible for the incident – a group known as Sandworm which the US Department of Justice has attributed to the Russian military intelligence agency GRU – are of the utmost concern to cybersecurity researchers around the world as they cut off electricity in parts of Ukraine in 2015 and 2016.
In the recent incident, hackers attempted to deploy malicious code “against high-voltage electrical substations in Ukraine” on April 8 and appeared to be preparing for the attack two weeks prior, according to cybersecurity firm ESET, which investigated the hack.

It’s the kind of advanced cyberattack that many US officials and cybersecurity analysts believe would accompany the Russian invasion of Ukraine.

“A lot of people expected something like this to happen, with critical infrastructure targeted by really advanced malware,” Jean-Ian Boutin, director of threat research at ESET, told CNN.

While this hack may have been thwarted, previous Sandworm hacks in Ukraine have been disruptive.

A 2015 cyberattack that US officials pinned on Sandworm knocked out power to around a quarter of a million people in Ukraine. A follow-up hack in 2016 on an electricity substation outside Kyiv caused a small outage and the malicious code used was more sophisticated, analysts say.

The hacking tool used in the recent attempted cyberattack on the Ukrainian electricity company was a variant of the malware known as Industroyer that was used in the 2016 hack, ESET researchers say.

“It’s something we don’t see often. And the fact that Industroyer was used years ago…it’s very important,” Boutin said.

U.S. officials closely monitored alleged Russian cyberattacks on Ukrainian critical infrastructure before and after the February 24 Russian invasion. On February 18, the White House blamed the GRU for a separate hacking incident, which temporarily took Ukrainian government and banking websites offline.

A spokesperson for the Biden administration’s National Security Council said the attempted hack into Ukraine’s electric utility this month “clearly demonstrates that disruptive and destructive cyberattacks against Ukraine continue, and we applaud the work of defenders of the Ukrainian network in responding to it.”

The incident also serves as a “reminder of the need for the U.S. cybersecurity community to continue to take action to counter potential cyber threats to U.S. critical infrastructure,” the NSC spokesperson said in an emailed statement.

This story has been updated with an additional comment.
