The conflict between Russia and Ukraine is the perfect example of modern warfare combining troop attacks, the use of new technologies and cyberattacks. According to a Reuters report, analysts and cybersecurity officials foiled an attack targeting some electrical installations.
Also according to the report, cybersecurity firm ESET claims the attack was carried out by a group of hackers called Sandworn with alleged ties to the Russian government. An attack that seems to have been prepared well in advance since the main software used was compiled several weeks before their planned launch.
A very specific malware for this attack
According to ESET, this attack implemented a lot of malware like the recently discovered CaddyWiper. New software called Industroyer2 was also discovered. This is a variant of the original Industroyer used in an attack that knocked out electricity in kyiv in 2016.
Indestroyer has only been used twice since its discovery, once in 2016 and once earlier this month, which explains ESET’s certainty about the origin of the attack. According to the Computer Emergency Response Team of Ukraine (CERT-UA), the hackers introduced the software into the target networks several weeks before the attack which was supposed to take place on April 8 this year.
Although the means used to infiltrate the networks are still unknown, the hackers had apparently planned to cover their tracks once the substations were attacked and the computers used to restore the network were taken out of service.
Since the start of the conflict, this is not the first time (nor the last) that a major attack has been directed against Ukrainian infrastructure. Nevertheless, the country’s response seems to show that its defense is in place and it is capable of handling complex attacks.