Russian military hackers target Ukrainian energy company, investigators say

The cyber attack appears to have been thwarted, and the Ukrainian government’s computer emergency response team said it had prevented the attackers from “committing [their] malicious intent.” Viktor Zhora, a senior Ukrainian cybersecurity officer, told CNN that the hacking attempt did not affect the power company’s electricity supply.

Ukrainian authorities declined to name the company that was hacked. But Farid Safarov, deputy minister in Ukraine’s energy ministry, told reporters that about 2 million people could have lost electricity had the cyberattack succeeded.

The US Cybersecurity and Infrastructure Security Agency worked closely with Ukrainian officials to understand the incident and share any relevant information to protect US infrastructure, CISA Director Jen Easterly tweeted on Tuesday. Investigators blamed the incident on a group known as Sandworm, which the US Justice Department attributes to Russia’s military intelligence agency, the GRU. The group is of greatest concern to cybersecurity researchers around the world because it cut off power to parts of Ukraine in 2015 and 2016.

In the recent incident, hackers tried to deploy malicious code “against high-voltage power substations in Ukraine” on April 8 and appeared to have been preparing for the attack two weeks earlier, according to cybersecurity company ESET, which is investigating the hacking.

This is the type of advanced cyberattack that many US officials and cybersecurity analysts said would accompany Russia’s invasion of Ukraine.

“A lot of people expected something like this to happen, with critical infrastructure driven by really advanced malware,” Jean-Ian Boutin, ESET’s director of threat research, told CNN.

Although this hack may have been thwarted, previous Sandworm hacks in Ukraine have been destructive.

A 2015 cyberattack that US officials attributed to Sandworm cut off power to about a quarter of a million people in Ukraine. A subsequent hack in 2016 at an electrical substation outside Kyiv caused fewer blackouts, and the malicious code used was more complex, analysts said.

The hacking tool used in the recent cyber-attack on the Ukrainian energy company was a variant of the malware known as Industroyer, which was used in the 2016 hack, ESET researchers said.

“It’s something we don’t see often. And the fact that Industroyer was used years ago … it’s very important,” Boutin said.

US officials have been closely monitoring alleged Russian cyberattacks against Ukraine’s critical infrastructure before and after the February 24 Russian invasion. On February 18, the White House blamed the GRU for a separate hacking incident that temporarily took Ukrainian websites and banks offline.

CNN asked the White House to comment on the alleged hacking attempt against the Ukrainian energy company.