Russian Military Linked Hackers Target Ukrainian Power Company Investigators Say

Ukrainian officials have refused to name the electricity company targeted by the hackers. However, Farid Safarov, a deputy minister in Ukraine’s energy ministry, told reporters that some 2 million people could have lost their power if the cyber-attack was successful. The US Cyber ​​Security and Infrastructure Security Service was working closely with Ukrainian officials to understand the incident and share any relevant information on US infrastructure protection, CISA Director Jen Easterly wrote on Twitter. The hackers blamed the incident – a group known as the Sandworm that the US Department of Justice has attributed to Russia’s military intelligence service GRU – on cybersecurity investigators around the world, as they cut off power to parts of Ukraine in 2015 and in 2016. In a recent incident, hackers attempted to develop malicious code “against high-voltage power substations in Ukraine” on April 8 and appeared to be preparing for the attack two weeks ago, according to cybersecurity company ESET, which investigated the hacking. . It’s the kind of advanced cyberattack that many US cybersecurity officials and analysts have predicted will accompany Russia’s invasion of Ukraine. “A lot of people were waiting for that to happen, with critical infrastructure targeting really sophisticated malware,” Jean-Ian Boutin, ESET’s director of threat research, told CNN. Although this hack may have been prevented, previous Sandworm invasions in Ukraine have been annoying. A 2015 cyber attack by US officials on Sandworm cut off power to about a quarter of a million people in Ukraine. A subsequent hack in 2016 at a power substation outside Kyiv caused a smaller blackout and the malicious code used was more complicated, according to analysts. The hacking tool used in the recent cyber-attack on the Ukrainian energy company was a variant of the malware known as Industroyer used in the 2016 hack, ESET researchers said. “It’s something we don’t see often. And the fact that Industroyer was used years ago … that’s very important,” Boutin said. US officials are closely monitoring suspected Russian cyber attacks on vital Ukrainian infrastructure before and after the February 24 invasion of Russia. The White House on February 18 blamed a separate hacking incident, which temporarily shut down Ukrainian government and bank websites, to the GRU. CNN contacted the White House to comment on the alleged hacking attempt against the Ukrainian energy company.