Russian hackers tried to break down the Ukrainian electricity grid to help the invasion

The document, written by Ukraine’s National Computer Emergency Team (CERT), describes “at least two successful attacks”, one of which began on March 19, just days after Ukraine joined the European Energy Network in an attempt to end its dependence on Russia.

Following the announcement, Victor Zhora, Deputy Head of the State Special Service for Digital Development, described the private report as “preliminary” to Wired and called it a “mistake”.

Whether successful or not, the cyber attacks on Ukraine’s power grid represent a dangerous continuation of Russia’s aggression against Ukraine through a hacker group known as Sandworm, identified by the United States as Unit 74455 of Russia’s military intelligence agency.

Hackers believed to work for Russian intelligence previously disrupted Ukraine’s power system in both 2015 and 2016. While the 2015 attack was mostly manual, the 2016 incident was an automated attack carried out using malware known as Industroyer. The malware that investigators found in the 2022 attacks was named Industroyer2 because of its similarity.

“We are dealing with an opponent who has been drilling us for eight years in cyberspace,” Zhora told reporters on Tuesday. “The fact that we managed to prevent it shows that we are stronger and more prepared [than last time].”

ESET analysts dissected the Industroyer2 code to map its capabilities and objectives. The hackers tried not only to turn off the electricity, but also to destroy the computers that the Ukrainians use to control their network. This would cut off the ability to quickly restore electricity to the grid using the company’s power generation computers.

In previous cyber attacks, the Ukrainians were able to regain control within a few hours by returning to manual operations, but the war has made that extremely difficult. It is not so easy to send a truck to a substation when enemy tanks and soldiers could be nearby and the computers have been sabotaged.

“When they are openly waging war against our country, hitting Ukrainian hospitals and schools, there is no point in hiding,” Zhora said. “Once you hit Ukrainian houses with rockets, there is no need to hide.”

Given Moscow’s successful results in aggressive cyber attacks on Ukraine and around the world, experts expected that the country’s hackers would appear and cause damage. U.S. officials spent months warning about escalation from Russia as it fights in the land war with Ukraine.

During the war, Ukraine and the United States have blamed Russian hackers for using multiple wipers. Financial and government systems have been affected. Kiev has also been the target of denial-of-service attacks, which have made government websites useless at key moments.

However, the Industroyer2 attack marks the most serious known cyber attack in the war to date. Ukrainian cybersecurity officers are working with Microsoft and ESET to investigate and respond.

It is one of the few publicly known incidents in which government-backed hackers targeted industrial systems.

The first came to light in 2010, when it was revealed that malicious software known as Stuxnet was created, allegedly by the United States and Israel, to sabotage Iran’s nuclear program. Hackers backed by Russia are also alleged to have launched more such campaigns against industrial targets in Ukraine, the United States and Saudi Arabia.

The article was updated to note that a Ukrainian official described an earlier UA-CERT report as “preliminary” and an “error”.