Russian hackers tried to bring down Ukraine’s power grid to help the invasion

The impact of this attack is still unclear. Officials from Ukraine claim they stopped the attack, which they believe was meant to support Russian military operations against eastern Ukraine. The hack could have caused the worst cyber-induced blackout in history if it was successful.

But according to a Ukrainian government document that was shared with international partners in recent weeks, Russian hackers did recently break into a Ukrainian power company and temporarily shut down nine electric substations. The document was shared with MIT Technology Review. It has not been made public. Officials from Ukraine have not responded to a request for comment and have not confirmed that the two events are related.

The document, which was written by the state-run Ukrainian Computer Emergency Response Team (CERT), describes “at least two successful attack attempts,” one of which began on March 19, just days after Ukraine joined Europe’s power grid in a bid to end dependence on Russia.

After publication, Victor Zhora, Ukraine’s deputy head of the State Special Service for Digital Development, described the private report as “preliminary” to Wired and called it a “mistake.”

Whether they were successful or not, the cyberattacks on the Ukrainian power grid represent a dangerous continuation of Russia’s aggression against Ukraine through a hacking group known as Sandworm, which the United States has identified as Unit 74455 of Russia’s military intelligence agency.

Hackers believed to be working for Russian intelligence previously disrupted the power system in Ukraine in both 2015 and 2016. While the 2015 attack was largely manual, the 2016 incident was an automated attack carried out using malware known as Industroyer. The malware that investigators found in the 2022 attacks has been dubbed Industroyer2 for its similarity.

“We are dealing with an enemy who has been drilling us in cyberspace for eight years,” Zhora said to reporters on Tuesday. “The fact that it was possible to stop it shows that we are stronger [than last time].”

Analysts from ESET dissected Industroyer2’s code to map its capabilities. Hackers tried to shut down power and also to destroy the computers used by the Ukrainians to control their grid. This would have prevented power companies from being able to quickly bring power back online.

In previous cyberattacks, Ukrainians were capable of quickly regaining control within hours using manual operations. However, the war has made this extremely difficult. It is not easy to send a truck to a substation if enemy tanks and soldiers are nearby and computers have been sabotaged.

“When they are openly waging war against our country and pummeling Ukrainian schools and hospitals, it doesn’t make sense for us to hide,” Zhora stated. “Once you hit Ukrainian homes with rockets, there’s no need to hide.”

Experts have been anticipating that hackers from Russia would appear and cause damage. United States officials have spent months warning about escalation from Russia as it struggles in the ground war with Ukraine.

Both the United States and Ukraine have blamed Russian hackers for using multiple wipers during the war. Both financial and government systems were affected. Denial of service attacks have also hit Kyiv, rendering government websites inaccessible at crucial moments.

However, the Industroyer2 cyberattack is the most serious in the war. Ukrainian cybersecurity officials are working closely with Microsoft and ESET to investigate the incident and respond.

This is one of a few incidents in which government-backed hackers have attacked industrial systems.

The first came to light in 2010, when it was revealed that malware known as Stuxnet had been crafted, reportedly by the United States and Israel, to sabotage Iran’s nuclear program. Russia-backed hackers have also reportedly launched multiple such campaigns against industrial targets in Ukraine, the United States, and Saudi Arabia.

The article was updated to note that a Ukrainian official described the earlier UA-CERT report as “preliminary” and a “mistake.”
