Ukraine said on Tuesday it had thwarted an attempt by Russian hackers last week to damage its electricity grid with a cyberattack.
“This is a military hacking team,” said government spokesman Victor Zhora. “Their aim was to disable a number of facilities, including electricity substations.”
“They did not succeed, and we’re investigating.”
Kyiv blamed the attack on a group dubbed “Sandworm” by researchers and previously tied to cyberattacks attributed to Russia. The attack was likely carried out to support Russian military activities in eastern Ukraine, Zhora said.
Russian officials could not be immediately reached for comment on Tuesday. Moscow has consistently denied accusations it has launched cyberattacks on Ukraine.
The Computer Emergency Response Team of Ukraine (CERT-UA) said in a statement the hackers had targeted computers controlling high voltage substations in Ukraine, belonging to an energy company that CERT-UA did not identify.
The hackers had struck in two waves, first compromising the power network no later than February, before the second attack, which included a plan to shut substations and harm infrastructure last Friday evening, it said. Ukraine managed to prevent the attack from taking place, and there was no damage to the grid.
Slovakian cybersecurity firm ESET, which said it had worked with Ukraine to foil the attack, described the malware as an upgraded version of a programme which had caused power blackouts in Kyiv in 2016.
One piece of malware was designed to take over computer networks at the energy provider “in order to cut power”, while a second programme was deployed to wipe out data to slow attempts to get power back online.
“Sandworm is an apex predator, capable of serious operations, but they aren’t infallible,” John Hultquist of US cybersecurity firm Mandiant said.
“It’s increasingly clear that one of the reasons attacks in Ukraine have been moderated is because defenders there are very aggressive and very good at confronting Russian actors.”
© Thomson Reuters 2022