Ukrainian authorities have accused hackers working for Russian military intelligence of a new cyber attack targeting the country’s electricity grid and power supply.
The attack was planned to take place last Friday, 8 April, when the malware targeting an unidentified company would have shut down several high-voltage electrical substations in Ukraine.
While the country’s cyber security experts managed to prevent any disruption to power supply, there are concerns further attacks could be successful ahead of a renewed push from Russia in the east.
Get the latest live updates on the war in Ukraine
Please use Chrome browser for a more accessible video player
Key developments:
• Ukraine’s President Volodymyr Zelenskyy has pleaded for more weapons from the West, particularly for the defence of Mariupol
• Austrian Chancellor Karl Nehammer met Russian President Vladimir Putin and warned that an offensive in Ukraine’s east was “being prepared on a massive scale”
• Allegations of rape, executions, and other war crimes are still coming to light in areas around Kyiv, where the Russians pulled out in recent weeks. Russia says these are Ukrainian and Western provocations
• Reuters data shows that, while many Western countries have tightened sanctions on Russia, India – lured by massive discounts – has purchased more Russian crude oil since the beginning of the invasion than it did for the whole of last year
• Russia’s foreign minister Sergei Lavrov said Russia would not stop fighting for any new round of peace talks. Talks were last held on 1 April
• The UK Ministry of Defence said Russian shelling has continued in Donbas but Ukrainian forces have beaten back several assaults and destroyed Russian military vehicles and equipment
Read more: Cyber, war and Ukraine – what does recent history teach us to expect?
Ukraine war: Vladimir Putin pledges lunar probe in 2022 in rare public appearance since invasion began
Ukraine prepares for ‘battle for Donbas’ where Russian forces ‘could triple’ in number
Ukraine war: ‘People get nabbed’ – Kherson refugees tell of life under Russian occupation
Russian military intelligence behind attacks
The new allegation follows reports that Russian government hackers were behind an attack on a satellite communications company on the day tanks and troops began rolling into Ukraine.
According to researchers at ESET, who alongside Microsoft helped foil the attack, the new malware is similar to that used against Ukrainian banks and government entities at the beginning of the invasion.
It was also similar to the so-called “Industroyer” campaign that caused a power blackout in Kyiv in December 2016, one of the first ever attacks on critical infrastructure, which resulted in a 75-minute power outage.
Ukraine identified the hacking group by the industry name Sandworm, which authorities in Britain and the US have assessed “with high confidence that the GRU [Russian military intelligence] was almost certainly” behind.
ESET stated: “Ukraine is once again at the centre of cyber attacks targeting their critical infrastructure. This new Industroyer campaign follows multiple waves of wipers that have been targeting various sectors in Ukraine.”
Ukrainian authorities are on the lookout for signs of similar threats affecting other organisations in the country.
John Hultquist, the vice president of intelligence analysis at cyber security company Mandiant, said: “Sandworm is an apex predator, capable of serious operations, but they aren’t infallible.
“The best part of this story is the work by Ukraine CERT and ESET to stop these attacks, which would have probably only worsened Ukrainian suffering.”
“It’s increasingly clear that one of the reasons attacks in Ukraine have been moderated is because defenders there are very aggressive and very good at confronting Russian actors,” he said.