The attack was the first in five years to use Sandworm’s Industroyer malware, which is designed to automatically trigger power disruptions.
On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia’s GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override.
Like that earlier sample, the new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power. It signals that Russia’s most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.
Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, known as the State Services for Special Communication and Information Protection (SSSCIP): “The hack attempt did not affect the provision of electricity at the power company. It was promptly detected and mitigated. But the intended disruption was huge.
“We have been dealing with an opponent that has been constantly training us, drilling us. Since 2014 we’ve been under constant aggression, and our expertise is unique in how to rebuff this aggression. We’re stronger. We’re more prepared. And of course, we will secure victory.”
Read more via WIRED
- Come Back Alive is one of the largest charitable foundations that supports Ukrainian soldiers, founded by the IT specialist Vitaliy Deynega. The organization collected more than 210 million UAH (more than $7M) in 2014. According to Na chasi, the Patreon page Come Back Alive is in the top ten projects by the number of financial donations.
- Army SOS, which develops drones;
- Everybody Can, an organization that supports internally displaced people;
- Help on the Ministry of Defense website.