The document, written by the state-run Ukrainian Computer Emergency Response Team (CERT), describes “at least two successful attack attempts”, one of which began on March 19, just days after Ukraine joined Europe’s power grid to end its dependence on Russia.
Following the publication, Victor Zora, deputy head of Ukraine’s State Special Service for Digital Development, described the private report to Wired as “preliminary” and a “mistake.”
Whether or not they succeed, cyber attacks on Ukrainian power grids are a dangerous continuation of Russia’s invasion of Ukraine, carried out by a hacking group known as Sandworm, which the United States has identified as Unit 74455 of Russia’s military intelligence agency.
Hackers believed to be working for Russian intelligence had previously disrupted power systems in Ukraine in both 2015 and 2016. While the 2015 attack was largely manual, the 2016 incident was an automated attack using malware known as Industroyer. The malware that investigators found in the 2022 attack has been dubbed Industroyer2 for its similarity.
“We are working with an opponent who has been drilling into us in cyberspace for eight years,” Zora told reporters Tuesday. “The fact that we were able to stop it shows that we are stronger and more prepared [than last time].”
ESET analysts dissected the code of Industroyer2 to map its capabilities and goals. The hackers tried not only to cut the power but also to destroy the computers used by the Ukrainians to control their grid. This would cut off the ability to quickly bring power back online using the power company’s computers.
In previous cyber attacks, Ukrainians were able to fall back to manual operations and regain control within hours, but the war has made that extremely difficult. It is not easy to send a truck to a substation when enemy tanks and troops may be nearby and computers have been vandalized.
“When they are openly waging war against our country, pushing Ukrainian hospitals and schools, there is no point in hiding it,” Zora said. “Once you have hit Ukrainian homes with rockets, there is no need to hide.”
Given Moscow’s successful track record of aggressive cyber attacks in Ukraine and around the world, experts are predicting that the country’s hackers will show up and do harm. United States officials have been warning Russia for months about escalating into a land war with Ukraine.
During the war, both Ukraine and the United States have accused Russian hackers of using multiple wipers. Financial and government systems have been hit. Kiev has also been the target of denial-of-service attacks, which have made government websites useless at key moments.
However, the Industroyer2 attack is by far the most serious known cyber attack in the war. Ukrainian cyber security officials are working with Microsoft and ESET to investigate and respond.
It is one of the few publicly known incidents in which government-backed hackers have targeted industrial systems.
The first came to light in 2010, when it was revealed that malware known as Stuxnet had been created, reportedly by the United States and Israel, to sabotage Iran’s nuclear program. Russia-backed hackers have reportedly launched multiple such campaigns against industrial targets in Ukraine, the United States and Saudi Arabia.
The article was updated to note that the Ukrainian official described the previous UA-CERT report as “initial” and an “error.”