
Ukraine: Russian-linked hackers target Ukrainian power company

A hacking group linked to the Russian military attempted to infiltrate Ukrainian electrical substations and deploy malicious code capable of knocking out electricity, Ukrainian government officials and private investigators said on Tuesday.

The cyberattack appears to have been thwarted, and the Ukrainian government’s computer emergency response team said it prevented the attackers from “carrying out [their] malicious intent.” Victor Zhora, a senior Ukrainian cybersecurity official, told CNN that the hacking attempt did not affect the power company’s electricity supply.

Ukrainian officials declined to name the electric utility targeted by the hackers. But Farid Safarov, deputy minister in Ukraine’s energy ministry, told reporters that around 2 million people could have lost power if the cyberattack had succeeded.

The US Cybersecurity and Infrastructure Security Agency was working closely with Ukrainian officials to understand the incident and share any relevant information to protect US infrastructure, CISA Director Jen Easterly tweeted Tuesday.

The hackers responsible for the incident – a group known as Sandworm which the US Department of Justice has attributed to the Russian military intelligence agency GRU – are of the utmost concern to cybersecurity researchers around the world as they cut off electricity in parts of Ukraine in 2015 and 2016.

In the recent incident, hackers attempted to deploy malicious code “against high-voltage electrical substations in Ukraine” on April 8 and appeared to be preparing for the attack two weeks prior, according to cybersecurity firm ESET, which investigated the hack.

It’s the kind of advanced cyberattack that many US officials and cybersecurity analysts believe would accompany the Russian invasion of Ukraine.

“A lot of people expected something like this to happen, with critical infrastructure targeted by really advanced malware,” Jean-Ian Boutin, director of threat research at ESET, told CNN.

While this hack may have been thwarted, previous Sandworm hacks in Ukraine have been disruptive.

A 2015 cyberattack that US officials pinned on Sandworm knocked out power to around a quarter of a million people in Ukraine. A follow-up hack in 2016 on an electricity substation outside Kyiv caused a small outage and the malicious code used was more sophisticated, analysts say.

The hacking tool used in the recent attempted cyberattack on the Ukrainian electricity company was a variant of the malware known as Industroyer that was used in the 2016 hack, ESET researchers say.

“It’s something we don’t see often. And the fact that Industroyer was used years ago…it’s very important,” Boutin said.

U.S. officials closely monitored alleged Russian cyberattacks on Ukrainian critical infrastructure before and after the February 24 Russian invasion. On February 18, the White House blamed the GRU for a separate hacking incident, which temporarily took Ukrainian government and banking websites offline.

CNN has contacted the White House to comment on the alleged hacking attempt against Ukraine’s electric company.