The hacker group Sandworm, which is thought to be backed by Russia, has launched a devastating cyber attack on Ukraine's electrical infrastructure.
A suspected cyberattack on energy infrastructure across the country has been thwarted, according to a statement released by the Ukraine Cyber Incident Response Team (CERT-UA) on Tuesday. According to the statement, the attackers specifically tried to seize control of the targets' electrical substations and their Windows and Linux servers.
ESET, which carried out the analysis of the attack, said that it encountered an updated version of a malware called Industroyer, which was previously used in 2016 to infect Ukrainian ICS infrastructure. Named Industroyer2, this variant was used by Russia-backed Sandworm actors against high-voltage power plants in Ukraine, alongside other malware called OrcShred, CaddyWiper, SoloShred, and AwfulShred.
According to the research, the networks were first accessed in February 2022, around the time of the invasion of Ukraine. Described as the biggest threat to industrial control systems since Stuxnet, Industroyer2 can directly take control of transformers and circuit breakers and even manage protection relays. CaddyWiper, on the other hand, deletes the traces of the other malware every 10 minutes, making the intrusion difficult to detect on affected systems.
Although there is no clear information, it is believed that Sandworm was also behind the "deface" attempt against 70 Ukrainian government websites, which we have reported on before.
Russia has always been a state that has steadily increased its competence in the cyber domain while also placing importance on its physical military power. Cutting off the power to enemy cities and disrupting power plants with the help of malicious code, without any soldier casualties, is of course part of their calculated war strategy.