Ukraine claims to have thwarted a Russian cyberattack on its power grid

“We were very lucky.” At a press conference, Viktor Zhora, the deputy director of the agency responsible for cybersecurity in Ukraine, did not hide his satisfaction. On Tuesday, April 12, the Ukrainian authorities announced that they had in recent days thwarted a computer attack aimed at depriving “millions” of Ukrainians of electricity.

In the networks of the company responsible for supplying electricity to a Ukrainian region, the Kyiv authorities discovered a malicious program set to cut the power on Friday, April 8, shortly after 7 pm.

Ukrainian authorities said that the computer attack, which was detected in time and disabled, had no effect. “But the planned disruption was huge,” according to Mr. Zhora. A document published by MIT Technology Review, presented as issued by the Ukrainian government, undated and describing facts very close to those stated publicly by Kyiv, nonetheless specifies that the attack succeeded in temporarily shutting down nine substations.

One of the most important regions of the country

The authorities declined to identify the targeted company or the region in question, except to say that the latter is one of the largest in the country, according to Farid Safarov, deputy energy minister.

It all started a few days ago with a warning received by the Ukrainian authorities from “a partner” – Kyiv did not want to specify who – about the possible compromise of part of the Ukrainian power grid.

Ukrainian experts quickly discovered that a company in the sector had already been hit, and had been for at least several weeks. The infection first affected its “classic” office network, where so-called “wiper” programs, designed to erase data and disable computer systems, were discovered. One of them, nicknamed “CaddyWiper”, had already been detected in the networks of a Ukrainian bank or government entity, without causing any noticeable harm.



In addition to this office network, the network dedicated to controlling the electrical grid was targeted. There the authorities discovered software that, according to the Slovak company ESET, which is a reference in digital security for industrial systems and which was able to analyze the attack directly, is clearly similar to another, older virus called “Industroyer”. The latter was deployed in 2016 in the Kyiv region and deprived tens of thousands of Ukrainian homes of electricity in the middle of winter. It had not been heard of for five years.

Its successor, logically called “Industroyer2” by the Ukrainian authorities and ESET, marks a clear increase in the complexity of computer attacks targeting Ukraine. Since the beginning of the Russian invasion, the low intensity of the (many) attacks has surprised many experts. In recent weeks, the Ukrainian authorities and specialized companies have regularly announced the discovery of malware, without the latter causing significant damage.

Russian Military Intelligence on the move

This attack, on the contrary, appears designed to inflict maximum damage in a sector “crucial to the life of this country”, in the words of Mr. Zhora. ESET's study of the attack also reveals that the hackers took measures to erase all traces of themselves once hostilities had started.

According to the company – as well as the Ukrainian authorities – the authors of Industroyer2 are the same as those of its predecessor: Unit 74455 of the GRU, the Russian military intelligence service, many of whose members have already been indicted by courts, accused of carrying out large-scale attacks during the past ten years, in particular against Ukraine.


This discovery confirms the growing role of the GRU, one of the main troublemakers in cyberspace, in the digital aspect of the Russian invasion of Ukraine. It also shows that the Russian security services are far from giving up their attempts to attack the energy sector. Recently, the American justice system accused several individuals, members of the FSB, the Russian security services, of being behind a group of hackers that has targeted many companies in the sector in recent years.

This computer attack could foreshadow others, as the Russian army prepares for the second phase of its invasion. For Mr. Zhora, the attack, which was to have happened only a few days ago, was supposed to take place “to reinforce the hostility of soldiers who continue to kill the civilian population” and who are now directing their weapons towards the Donbass.
