Ukraine claims to have foiled a Russian cyberattack on its power grid

“We were very lucky.” At a press conference, Viktor Zhora, deputy director of the agency responsible for cybersecurity in Ukraine, did not hide his relief. Ukrainian authorities announced on Tuesday, April 12, that they had foiled a computer attack aimed in recent days at depriving “millions” of Ukrainians of electricity.

In fact, the Kyiv authorities discovered malware in the networks of the company responsible for supplying electricity to a Ukrainian region, programmed to cut off the electricity shortly after 7 p.m. on Friday, April 8.

Discovered and deactivated in good time, the computer attack had no effect, according to the Ukrainian authorities. “But the planned disruption was huge,” according to Mr. Zhora. A document published by MIT Technology Review, which is presented as being from the Ukrainian government, is undated and describes facts very similar to those publicly mentioned by Kyiv, but states that the attack was successful, with “nine substations temporarily shut down”.

One of the most important regions of the country

Authorities would not specify the company or region affected — except that the latter was one of the largest in the country, according to Deputy Energy Minister Farid Safarov.

It all started a few days ago with a warning that the Ukrainian authorities received from one of their “partners” – Kyiv did not want to specify which – about the possible compromise of part of the Ukrainian power grid.

The Ukrainian experts quickly determined that one company in the industry was indeed infected, and had been for several weeks. The infection initially affected the “classic” office network, on which so-called “wiper” software was discovered, which is intended to delete data and shut down computer systems. One of these wipers, nicknamed “CaddyWiper,” had already been spotted in the networks of a Ukrainian bank and a government agency without causing significant damage.

In addition to this office network, the network used to control the power grid was also targeted. There, the authorities discovered software that has very clear similarities to another, older virus called “Industroyer”, according to the Slovakian company ESET, which is a reference in digital security for industrial systems and was able to analyze the attack directly. Industroyer was deployed in the Kyiv region in 2016, cutting power to tens of thousands of Ukrainian homes in the middle of winter. It had not been heard of in five years.

Its successor, logically dubbed “Industroyer2” by the Ukrainian authorities and the ESET company, marks a clear evolution in computer attacks on Ukraine. Since the beginning of the Russian invasion, the low intensity of the (numerous) attacks had surprised many experts. In recent weeks, the Ukrainian authorities and specialized companies have regularly reported the discovery of malware that had not caused any significant damage.

Russian military intelligence on the move

This attack, on the contrary, seemed designed to do maximum damage in a sector “crucial to the life of this country”, in the words of Mr. Zhora. ESET’s investigation into the attack also shows that the hackers took steps to erase all traces of their activity once hostilities began.

According to the company, and also to the Ukrainian authorities, the authors of Industroyer2 are the same as those of its predecessor: Unit 74455 of the GRU, the Russian military intelligence service, several members of which have already been indicted, and which is accused of carrying out large-scale attacks over the past ten years, particularly against Ukraine.

This discovery confirms the rise of the GRU, one of the main troublemakers in cyberspace, on the digital side of the Russian invasion of Ukraine. It also shows that the Russian security apparatus is far from giving up its attempts to attack the energy sector. Recently, the American judiciary accused several people, members of the Russian security service FSB, of being behind a group of hackers who have targeted many companies in the industry in recent years.

This computer attack could foreshadow others as the Russian army prepares for the second phase of its invasion. For Mr. Zhora, the attack, which should have taken place just a few days ago, was planned “to increase the hostility of the soldiers who continue to kill civilians” and who are now pointing their guns at the Donbass.
