Ukraine Hit By Cyberattack By Russian Hacker Group

This morning, it came to light that there was an attack on Ukraine’s critical infrastructure by cyber-criminal group Sandworm:

On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia’s GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia’s most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.

It shows that this war is on multiple fronts including cyberspace. And Justin Fier, VP of Tactical Risk and Response at Darktrace agrees:

This news represents a major step up from the relatively unsophisticated previous DDoS attacks, and it’s particularly interesting to see that Sandworm has reared its head again. CISA and other government agencies in the Five Eyes have been anticipating an attack like this and issuing sophisticated warnings for some time. Ukraine has been dealing with this type of threat for years and has been preparing with the help of global allies, including the U.S. 

While we cannot confirm these allegations, the hope is that governments worldwide will take this seriously and realize that the same type of attack could happen to them. Any attack on Ukrainian soil could also occur anywhere else, be replicated by other cyber-criminal groups or nation-states, or cause ripple effects across the global supply chain. During this ongoing “World War Wired,” we must be concerned not only with the prospect of an inbound warhead but also infrastructure destroying cyber-attacks. The responsibility will fall on each potentially at-risk organization to bolster their defenses: they must fight fire with fire, arming themselves with the latest technologies. You go to war with the army you have, not the one you wish you built, and organizations must prepare now.

In short, the time to prepare for this sort of attack is now because you can expect targets outside of Ukraine to be hit with this sort of attack in the near future.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: