Russians combine power plant bombing with cyberattacks

Analysis of Russian attacks in 2022 on Ukraine’s energy system shows that the Russian military combined its missile launches with prepared cyberattacks. Cybersecurity company Mandiant releases a report on November 9 exposing a Russian attack on a power plant.

On October 10, 2022, Russia launched 84 rockets and 24 drones on around twenty Ukrainian cities, targeting in particular energy infrastructure. At the same time, a cyberattack was launched against a power plant in one of the bombed communities. The operation is led by the famous Kremlin hacker group Sandworm. The hackers are already in the system, hijacking the MicroSCADA software (a standard program in the energy industry) to cut the power.

Two days after the outage, Sandworm came back with a new version of its CaddyWiper malware. This attack did not affect industrial systems, only data. The objective could be to disrupt the work of employees or to erase traces of their infiltration.

Cyberattacks to watch out for in Europe

Mandiant experts indicate that the infiltration into the system would have started in June 2022. The hackers did not use Trojan horses, but used subtle techniques called “Living of the Land” (LotL). Concretely, hackers trap employees with perfectly legitimate authorization requests in software. The security system does not detect the infiltration since the hacker just obtained entry by deceiving his target. Sandworm then dug into the network until launching its attack three months later, just as rockets were raining down on the power plants.

For John Hultquist, chief analyst at Mandiant, this is a worrying precedent. “ We’re going to have to ask ourselves tough questions about our ability to defend ourselves against this kind of attack. “, he declared in the press release. Ukraine will obviously still be on the front line this winter facing these hybrid operations, but Europe must also prepare for this type of attack.

Subscribe to Numerama on Google News so you don’t miss any news!