Ukraine claims to have thwarted Russian cyberattack on its power grid


“We were very lucky.” At a press conference, the deputy director of the agency responsible for cybersecurity in Ukraine, Viktor Zhora, did not hide his relief. The Ukrainian authorities announced on Tuesday 12 April that they had thwarted a computer attack in recent days designed to deprive “millions” of Ukrainians of electricity.

The Kyiv authorities have, in fact, discovered, in the networks of the company responsible for supplying electricity to a Ukrainian region, malicious software programmed to cut off the power on Friday, April 8, shortly after 7 p.m.

Discovered in time and deactivated, the computer attack had no effect, according to the Ukrainian authorities. “But the planned disruption was enormous”, according to Mr. Zhora. A document published by the MIT Technology Review, presented as emanating from the Ukrainian government, undated and describing facts very close to those publicly mentioned by Kyiv, specifies, however, that the attack succeeded in “temporarily shutting down nine electrical substations”.

One of the most important regions of the country

The authorities did not want to specify which company was targeted, nor the region concerned – except that the latter was one of the largest in the country, according to Farid Safarov, the deputy energy minister.

It all started a few days ago with a warning received by the Ukrainian authorities from a “partner” – Kyiv did not want to specify who – about the potential compromise of part of the Ukrainian power grid.

The Ukrainian experts quickly discovered that a company in the sector had indeed been infected, and had been for several weeks at least. The infection first affected its “classic” office network, on which so-called “wiper” software was discovered, designed to erase data and render computer systems inoperative. One of these wipers, nicknamed “CaddyWiper”, had already been detected in the networks of a Ukrainian bank and government entity, without doing any noticeable damage.


In addition to this office network, the one dedicated to controlling the electrical network was also targeted. The authorities discovered software there which, according to the Slovak company ESET, a recognized authority on the digital security of industrial systems that was able to analyze the attack directly, bears very clear resemblances to another, older virus, called “Industroyer”. The latter was deployed in 2016 in the Kyiv region and deprived tens of thousands of Ukrainian homes of electricity in the middle of winter. It had not been heard of for five years.

Its successor, logically called “Industroyer2” by the Ukrainian authorities and the company ESET, marks a clear increase in the sophistication of computer attacks targeting Ukraine. Since the start of the Russian invasion, the low intensity of the (numerous) attacks had surprised many experts. In recent weeks, the Ukrainian authorities and specialized companies have regularly announced the discovery of malicious software, without the latter doing significant damage.

Russian military intelligence on the move

This attack seemed, on the contrary, designed to inflict maximum damage, in a sector “of critical importance to the life of this country”, in the words of Mr. Zhora. The study of the attack by ESET also reveals that the hackers had taken measures to erase all their traces, once the hostilities had started.

According to the company – but also the Ukrainian authorities – the authors of Industroyer2 are the same as those of its predecessor: Unit 74455 of the GRU, the Russian military intelligence service, several members of which have already been indicted by the American courts, accused of having carried out large-scale attacks over the past ten years, in particular against Ukraine.


This discovery confirms the rise of the GRU, one of the main troublemakers in cyberspace, in the digital side of the Russian invasion of Ukraine. It also shows that the Russian security apparatus is far from having abandoned its attempts to attack the energy sector. Recently, American justice accused several individuals, members of the FSB, the Russian security services, of being behind a group of hackers who have targeted many companies in the sector in recent years.

This computer attack could prefigure others, as the Russian army prepares for the second phase of its invasion. For Mr. Zhora, the attack, which should have taken place only a few days ago, was supposed “to reinforce the hostility of the soldiers who continue to kill the civilian population” and who now turn their weapons towards the Donbass.

