April 12 – The Ukrainian government has stated that it narrowly averted a significant cyber attack. The attack appears to have been directed towards the country’s power grid.
Ukraine power grid threat
Cyber criminals targeted one of the country’s largest energy firms. Attackers allegedly attempted to shut down sub-stations, which would have resulted in blackouts for as many as 2 million people.
“The hackers planned the electrical outages for 8 April, to strike on Friday evening, before the weekend,” says Viktor Zhora, deputy chairman of the State Service of Special Communications in Ukraine. According to Reuters, this may represent the second stage of compromise in a coordinated attack.
The malicious software used in the attack shares similarities with that used by hackers who have previously caused power cuts in Kyiv.
What is Sandworm?
Cyber security researchers believe that the nation-state-backed military group known as Sandworm is responsible. Thus far, this is the most serious cyber attack launched against Ukraine since the beginning of this year.
Researchers across the world helped to identify and neutralize the malicious software. Remediation has been completed.
The Sandworm hacking group is also believed to be responsible for blackouts that affected more than 200,000 homes in several towns and cities during 2021.
Sandworm’s malware
According to researchers, in the latest attack, Sandworm attackers attempted to deploy the Industroyer2 malware against high-voltage electrical substations and also attempted to deploy several other insidious malware types, including CaddyWiper.
The latter form of malware has been seen across Ukraine in recent weeks. It’s designed to erase data on affected computer systems. On the first day of the Ukraine invasion, this same form of malware was also used to disrupt the US satellite communications provider known as Viasat.
For more information about this story, visit the BBC.