Ukraine hasn’t been able to control Russia’s advancement into the country, but it did narrowly avert a serious cyber-attack on the country’s power grid.
The hackers, believed to be from a group dubbed Sandworm, were accused of an attack meant to disable Ukraine’s electricity grid last week. However, their plans were thwarted. This is the second time the power grid has been targeted.
Ukrainian government spokesman Victor Zhora said that the attack was carried out by “a military hacking team” in order “to disable a number of facilities, including electricity substations.”
“They did not succeed, and we’re investigating,” Zhora said. The attack was likely carried out to support Russia’s current military activities in eastern Ukraine. After Moscow’s forces were pushed away from Kyiv, the military started regrouping around the capital and towards the east.
In a statement on Tuesday, the Computer Emergency Response Team of Ukraine – which is one of the government’s main cyber-divisions – said that the hacking group had deployed data-wiping malware on computers that control high-voltage substations in Ukraine.
The organization said that hackers succeeded with an “initial compromise” in February. Western experts and intelligence services believe that Sandworm is linked to Russia’s military intelligence service.
“The disconnection of electrical substations and the decommissioning of the company’s infrastructure was scheduled for Friday evening, April 8, 2022,” it said, adding that the attack was prevented by officials.
The name of the Ukrainian energy provider which was targeted has not been revealed.
However, Russia has denied accusations it launched cyberattacks on Ukraine.
Meanwhile, the malware that was used to carry out the attack is said to be an upgraded version of a malicious program that caused power blackouts in Kyiv in 2016, according to the Slovak cybersecurity firm ESET.
Although the latest attack was thwarted, there are concerns that further attacks could succeed ahead of a renewed military move by Russia in Ukraine’s east.
Earlier, Russian government hackers were accused of carrying out an attack on a satellite communications company on the day tanks and troops began rolling into Ukraine.
Researchers at ESET along with those from Microsoft helped foil the attack.
“Ukraine is once again at the centre of cyber attacks targeting their critical infrastructure. This new Industroyer campaign follows multiple waves of wipers that have been targeting various sectors in Ukraine,” ESET said at the time, according to Sky News.
John Hultquist, the vice president of intelligence analysis at cyber security company Mandiant, said: “Sandworm is an apex predator, capable of serious operations, but they aren’t infallible.
“The best part of this story is the work by Ukraine CERT and ESET to stop these attacks, which would have probably only worsened Ukrainian suffering.”
“It’s increasingly clear that one of the reasons attacks in Ukraine have been moderated is because defenders there are very aggressive and very good at confronting Russian actors,” he said.