Ukrainian leaders reported this week that they had thwarted a Russian cyberattack on Ukraine’s power grid that could have cut power to two million people. But the attempt also raised the level of fear over what Moscow might do in the future using digital weapons in the war-torn country.
The power grid in Ukraine has been disrupted twice before, in 2015 and 2016, causing massive blackouts. Just days before Russia’s initial attack on February 24, a cyberattack targeted Ukraine’s Defense Ministry, its army, and two of its major banks.
This latest hit was not successful, but it was the most sophisticated they have seen from Russia so far. It had been well planned and was built to do maximum damage by sabotaging the computer systems that would be necessary to restore the power grid.
The attack focused on several electrical substations in the country. It would have kept almost 2 million people from having electricity, and the damage would have been very difficult to repair.
American officials have recently been concerned that Russia would expand its cyber warfare to target American pipelines and electric grids to retaliate against sanctions imposed by the United States.
The hackers in this thwarted offensive were with the GRU, Russia’s military intelligence unit. They used malware similar to what Russia has used in the past.
John Hultquist, a vice president for threat analysis at the cybersecurity firm Mandiant, said that this attack was more evidence of what Russia is capable of doing.
Victor Zhora, the deputy head of Ukraine’s cybersecurity agency, said, “It is self-evident that the aggressor’s team, the malefactors, had enough time to get prepared very thoroughly and they planned the execution on a sophisticated, high-quality level.” He noted that Ukraine had been “very lucky” to be able to respond quickly to Russia’s attack. Zhora also described other hackers that have been aligned with Russia but said that they have not been as sophisticated as this week’s attack from Moscow.
Experts analyzing Russia’s war efforts had expected attacks like this to come as soon as the war began in February. It now looks like Russia is beginning to shift its tactics to include this kind of cyber warfare.
Jean-Ian Boutin, the director of ESET threat research, said, “A lot of people were expecting something like this to happen, with critical infrastructure targeted by really advanced malware.”
According to Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, the agency has been working together with Ukrainian officials to fully comprehend Russia’s tactics and share important information about this attack. They have determined that the hackers blamed for this attack are likely a group known as Sandworm, which works directly with Russia’s GRU military intelligence agency.
In a recent incident attributed to Sandworm, the group tried to deploy malicious code “against high-voltage electrical substations in Ukraine.”
The group previously succeeded with attacks similar to this recent one, which were highly disruptive in 2015 and 2016. In 2015, almost 250,000 people in Ukraine lost power, and in 2016 another large number of people experienced blackouts. The hacking tool used this month was very similar to the one used in 2016, according to ESET researchers.
CNN has tried to get the White House to respond to this thwarted attempt to hack Ukraine’s power grid, but it has been silent. It looks like this threat is not just going to be real for Ukraine; Russia may be aiming at disrupting American interests as well.