Ukraine says it blocked hackers trying to attack its power grid


Cyber attackers have deployed a new form of malware in an attack aimed at disrupting a power plant in Ukraine.

According to Ukraine’s government computer emergency response team CERT-UA, “urgent action” has been taken after malicious hackers launched a malware attack designed to disconnect and disable industrial infrastructure controlling high voltage electrical substations.

CERT-UA specifies that an attack aimed at disabling infrastructure was planned for the evening of Friday, April 8, but that it was prevented.

A link to Sandworm

Analysis by ESET cybersecurity researchers, who helped CERT-UA combat the attack, linked the campaign to the Sandworm hacker group.

Cybersecurity agencies, including the UK’s National Cyber Security Center (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA), have previously attributed Sandworm and its campaigns to the GRU, an intelligence service that is part of the Russian military.

The attack uses an updated version of the Industroyer malware, a form of malware used in previous Sandworm campaigns, which infamously caused power outages in Ukraine in 2015. Analysis of the footprint left by Industroyer2 suggests that the attack on the electrical systems had been planned for weeks.

CaddyWiper and Industroyer2

It’s still unclear how the targeted power plant was initially compromised or how the intruders got from the computer network to the Industrial Control System (ICS) network, but according to CERT-UA, the attackers first broke into the network in February 2022.

Along with evidence of Industroyer’s presence on the network, the attackers also deployed a new version of the destructive CaddyWiper malware. The researchers believe that the latter was implanted with the intention of slowing down the energy company’s recovery processes to regain control of the ICS consoles after the planned attack.

CaddyWiper was also deployed on the machine infected by Industroyer2, with the probable aim of hiding the traces of an attack.

Ukraine targeted by cyberattacks

“Ukraine is once again at the center of cyberattacks targeting its critical infrastructure. This new Industroyer campaign follows multiple waves of wipers that have targeted various sectors in Ukraine,” ESET researchers write in a blog post.

Cybersecurity researchers have previously identified several forms of malware used in cyberattacks against Ukrainian organizations before and during Russia’s invasion of Ukraine.

Source: ZDNet.com




