Power Grid Attack Prevented by Cybersecurity

This post is also available in: עברית (Hebrew)

Cyberspace’s complex nature continues to make cyber threats a real and growing problem. The cyber threat is real for many countries, both from state-sponsored and non-state actors. The threat is even more serious for a country whose neighbor has invaded its borders and started a war.

Ukraine’s computerized emergency response team (CERT-UA) identified a hacker group planning to conduct a cyber attack on a supplier’s power infrastructure, reports theverge.com. The hackers were planning an attack on Ukraine’s power grid on April 8. Their intent was to cut off the power to the company’s computers and destroy all the data, so that the problem could not be easily repaired.

After analyzing the incident, the Slovakian company ESET concluded that this was a Sandworm hack, which has previously been associated with the Russian government, according to news reports.

An attack was planned using various software, including CaddyWiper malware, which replaces all computer file contents with null byte characters, so that all information stored on the computer is permanently deleted. Further, the hacker used the Industroyer2 software, which was used in a hack of the Kyiv region power grid in 2016, causing an hour-long power outage in the Ukrainian capital. The previous attack on Ukraine’s electricity supply network, similar to the one that took place last week, was allegedly a test and suggested a well-planned operation.

As of yet, it has not been determined how the hackers managed to gain access to the computer network of the Ukrainian electricity company. It is likely that Ukraine’s infrastructure will continue to be targeted by attackers, but Ukrainians appear less surprised and better prepared than before.