Ukraine experienced an attempted cyberattack from Sandworm, an alleged group of Russian state-sponsored hackers. The recent cyberattack has been confirmed by Ukraine's cybersecurity officials.
It has been reported that a well-known hacking group linked to Russia's military intelligence agency launched a cyberattack on Ukrainian energy facilities. The group tried to damage high-voltage electrical substations and computers as well as network equipment.
Russian Cyberattack on Ukraine
Using a new variant of the Industroyer malware for industrial control systems (ICS) as well as an updated version of the CaddyWiper data destruction malware, the Sandworm attempted to bring down a large Ukrainian energy provider by disconnecting its electrical substations on Friday, April 8.
According to Bleeping Computer, the Russian hackers behind Sandworm used a customized version of the Industroyer industrial control system malware to infect the targeted high-voltage electrical substations, and then attempted to wipe out evidence of the attack by executing CaddyWiper together with other data-wiping malware families, namely Orcshred, Soloshred, and Awfulshred for Linux and Solaris systems.
Investigators from cybersecurity company ESET say they do not know how the attacker got into the environment or how they moved from the IT network into the industrial control system (ICS). They are working with the Computer Emergency Response Team of Ukraine (CERT-UA) to remediate and protect the network.
According to ESET, the industrial control system malware used in the attack is now known as Industroyer2. It was built from the source code of Industroyer, the malware used in 2016 to cut electricity in Ukraine and attributed to the state-sponsored Russian hacking group Sandworm. Based on that lineage, ESET assesses with high confidence that Sandworm is also behind this attack.
The Attempted Cyberattack
In response to a targeted attack on a Ukrainian energy facility, the Governmental Computer Emergency Response Team of Ukraine (CERT-UA) has taken immediate action to respond to an information security incident involving the facility.
It is well known that the Ukrainian energy company was subjected to two waves of attacks. The breach of the company's systems began in late February 2022.
As reported by Ukraine, the takedown of the company's infrastructure and the disconnection of its electrical substations had been scheduled by the attackers for the late evening of Friday, April 8, 2022. Sandworm used that window to deploy its malicious plan, which, fortunately, was prevented.
Russian Hackers Attacking Ukraine
This is not the first time the Russian hacker group Sandworm has been blamed for an unprecedented power outage in Ukraine. The threat actors were blamed for the widespread attacks in 2016, according to the U.S. cyber intelligence firm iSight Partners.
U.S. cyber intelligence firm iSight Partners stated that it has determined that a Russian hacking group known as Sandworm caused the unprecedented power outage in Ukraine in December 2015.
As reported by Reuters, "The conclusion was based on analysis of malicious software known as Black Energy 3 and KillDisk, which were used in the attack, and intelligence from 'sensitive sources,'" he said.
The attempted cyberattack comes as Russia continues its military operations on the territory of Ukraine. This aggravated strike must have been a form of retaliation against Ukraine over the numerous sanctions Russia has been subjected to.