LONDON (Reuters) – Russian hackers attempted to launch a destructive cyberattack on Ukraine’s electricity grid last week, Ukrainian officials and cybersecurity researchers said on Tuesday.
The group, dubbed “Sandworm” by security researchers and previously tied to destructive cyberattacks attributed to Russia, deployed destructive and data-wiping malware on computers controlling high voltage substations in Ukraine, the Computer Emergency Response Team of Ukraine (CERT-UA) said in a statement on its website.
“The victim organisation suffered two waves of attacks. The initial compromise took place no later than February 2022. The disconnection of electrical substations and the decommissioning of the company’s infrastructure was scheduled for Friday evening, April 8, 2022,” the CERT-UA statement said.
Officials managed to prevent the attack from taking place, it added. The statement did not say which Ukrainian energy provider was targeted. Russia has consistently denied accusations it has launched cyberattacks on Ukraine.
Slovakian cybersecurity firm ESET, which said it worked with CERT-UA to foil the attack, described the malware as an upgraded version of a malicious program which caused power blackouts in Kyiv in 2016.
The malware was designed to take over the computer networks at the energy provider “in order to cut power”, ESET said in a blog post. A second, data-wiping, malware was deployed alongside this in order to slow attempts to get power back online, the firm added.
(Reporting by James Pearson; editing by David Evans)