Sandworm hackers thought they were attacking a French hydroelectric dam, but they hacked a private mill


Mélina LOUPIA

April 20, 2024 at 10:54 a.m.

Hackers from the Russian Sandworm gang missed their target © Melnikov Dmitriy / Shutterstock

Sandworm targeted a hydroelectric plant in Yonne, but actually attacked a private mill in Marne.

This cyberattack could have been claimed by Les Pieds nickelés or the soldiers of the 7th Company! It is a minor failure that nevertheless conceals activity linked to Sandworm, the gang of “elite hackers” in the pay of the Russian government.

At first glance, the images, which our colleagues from the newspaper Le Monde obtained, show hackers filming themselves sabotaging what they claim to be the Courlon-sur-Yonne (Yonne) hydroelectric dam using remote-access software. The video also shows aerial views, likely captured by a drone, of the dam in question. In reality, according to Le Monde, while a computer attack was indeed carried out, it did not affect the Courlon power plant but… the Courlandon mill, in the Marne.

Still according to Le Monde, it is not yet known whether this was an error by one of the hackers or a propaganda campaign, in keeping with the Telegram channel that broadcast the video of the attack.

The CyberArmyofRussia_Reborn Telegram channel run by Sandworm, the elite hackers of the GRU

The Telegram channel CyberArmyofRussia_Reborn is well known to Russian hackers, who publish their cybercriminal exploits there, with plenty of videos of their cyberattacks on behalf of Russia. It is on this channel that the now-famous video of the alleged cyber sabotage of the Courlon-sur-Yonne hydroelectric power station was broadcast on March 2, 2024.

Despite this poorly targeted attack, the CyberArmyofRussia_Reborn channel hackers should not be underestimated. In the past, they have claimed responsibility for cyberattacks against water treatment or distribution facilities, the consequences of which could have been problematic. A recent report from Mandiant, Google’s cybersecurity company, revealed that this propaganda network is controlled by Sandworm, one of the main elite units of Russian military intelligence (GRU).

Since the start of the conflict with Ukraine, Sandworm has coordinated several cyberattacks on water treatment or distribution infrastructure in countries allied to Ukraine, such as Poland or the United States. It thus became Moscow’s main cyber sabotage unit.

However, according to Le Monde, it is possible that human error is at the origin of this blunder. Typing “Courlandon dam” into Yandex, the main search engine in Russia, returns among its first results an amateur video of the Courlon-sur-Yonne power plant, taken by a drone, like the one broadcast on CyberArmyofRussia_Reborn.

Sandworm also targets French infrastructure © Mehaniq / Shutterstock

A real act of cyber sabotage against the wrong target

In France, this failure leaves people perplexed. It was by analyzing the short film that the management of Groupe Energies France, which is in charge of the Courlon site, noticed the blunder. “The images speak for themselves: the video starts with an aerial photo of the Courlon dam, but when it shows the piloting part, we see that it is the Courlandon power station,” it explains.

Courlandon, a small, peaceful village of 300 souls in the Marne, understands nothing of this story. And for good reason: the cyberattack, which hit the hydroelectric installation housed in a small private mill in the town, only lowered the water level of the Vesle, the small river upstream, by 20 centimeters.

Romain Eudes, the operator of the Courlandon power plant, explains the very limited risks of major damage in the event of a cyberattack on this small private power plant. “Remotely, apart from turning off and on the electricity production, there is not much a hacker can do,” he declares, before adding that the Vesle cannot overflow, thanks to “safety features throughout these facilities, including physical safety features, with a spillway”.

Whether hackers directly or indirectly linked to Sandworm tripped over themselves, or whether they deliberately sought to sow doubt or to show what they are capable of while covering their tracks, the fact remains that Russia intends to pull the strings of the cyber scene. As a reminder, in 2022, Russian cyberattacks against NATO members increased by 300%.

Sources: The Pixel World, Google
