Cyberattack on Ukraine’s Electricity Grid Stopped

Ukraine’s Computer Emergency Response Team says it has repulsed an attack against the country’s power grid. The attack was allegedly carried out by Sandworm, a group linked to the Russian secret service.

The attackers allegedly attempted to disable several electrical substations belonging to an undisclosed provider. To do so, they used a new version of the Industroyer malware. Industroyer was responsible for a blackout in large parts of Ukraine on Christmas Day 2016.

Researchers from security firm ESET have meanwhile examined the malware. In a press release, they say they are fairly certain that the malware, specifically intended for industrial controllers, was built with the source code of the ‘original’ Industroyer that was rolled out in 2016.

ESET named the new variant “Industroyer2”. It was apparently rolled out in an attempt to damage high-voltage substations, the company writes in its analysis. The malware was deployed in combination with a series of wipers, malware that mainly serves to destroy data. These include CaddyWiper, the wiper malware we saw showing up in Ukraine earlier in the war. CaddyWiper was placed on Windows systems in this attack, ostensibly in an attempt to erase traces.

According to Ukraine’s CERT, the attackers gained access to the systems before February 22 and planned to cut off electricity in a region of the country on April 8. It is unknown how the attackers got into the electricity provider’s systems. However, CERT says it has averted the attack for now.

It is yet another cyberattack in the country that is apparently being used to support Russia’s military invasion. Security researchers, including those at ESET, have found multiple wipers deployed against infrastructure targets, government agencies, banks and even satellite networks in the country since the start of the war. US security agencies also said last week that they took down a botnet used by Sandworm, while Microsoft says it took down domains used by Fancy Bear, a group linked to Russia’s secret service.
