Ukraine war: Russian hackers tried damaging power grid, Ukraine says
- Ukraine says it prevented the group known as Sandworm from damaging high-voltage electrical substations, computers and networking equipment
- In 2017, Sandworm was responsible for NotPetya, a devastating ransomware campaign causing billions of dollars of damage to some of the world’s largest companies
A notorious hacking group linked to Russia’s military intelligence agency launched a cyberattack on Ukrainian energy facilities, according to Ukrainian cybersecurity officials.
The group, known as Sandworm, sought to damage high-voltage electrical substations, computers and networking equipment, according to a statement on Tuesday from Ukraine’s Computer Emergency Response Team.
The hackers carried out two waves of attacks and had sought to take offline an unnamed energy company’s infrastructure last Friday evening, according to the cybersecurity agency, following an initial breach that occurred “no later than” February.
However, “the implementation of the malicious plan has so far been prevented”, the agency said in its statement.
The hacking campaign deployed malicious “wiper” software that can delete data stored on computers, rendering them inoperable, according to researchers at the cybersecurity firm ESET LLC. ESET and Microsoft Corp assisted Ukraine with an investigation of the breach.
The hackers also deployed malicious software, known as Industroyer, which was capable of interacting with industrial control systems, according to ESET’s researchers. A previous version of the Industroyer malware was previously seen in an attack carried out by the Sandworm group on Ukraine’s power grid in 2016, the researchers said. That incident, also tied to the Sandworm group, resulted in an electrical blackout.
The US Department of Justice and the UK’s National Cyber Security Centre have previously alleged that the GRU, Russia’s military intelligence agency, is behind Sandworm.
The Russian government has denied involvement in the attacks.
According to British and American officials, the Sandworm group was in 2017 responsible for NotPetya, a devastating ransomware campaign that originated in Ukraine and later spread worldwide, causing billions of dollars of damage to some of the world’s largest companies.
