The Russian hacking group called Sandworm has resurfaced after half a decade, trying to launch a third blackout in Ukraine. The hacking group was behind the 2016 electric transmission station blackout in northern Kyiv a week before Christmas.

Sandworm Hacker Group Attempted to Blackout Ukraine

According to the story by Wired, the hackers used a unique and automated piece of code to try to interact directly with the station's circuit breakers. The group was able to turn off the lights of a fraction of Ukraine's capital. 

With the increasing number of hacker groups trying to target Ukraine, Sandworm has once again emerged. The Ukrainian Computer Emergency Response Team (CERT-UA) confirmed that the Sandworm hacker group was trying to target high-voltage electrical substations through the Industroyer or Crash Override malware.

CERT-UA Confirms Sandworm to be Russia's GRU Unit 74455

CERT-UA also confirmed that Sandworm was Russia's GRU Unit 74455. Sandworm's new malware is called Industroyer2 and is capable of interacting directly with equipment and electrical utilities in order to send commands to substation devices capable of controlling power flow.

As described by Wired, the newest attack signals that the most aggressive cyberattack team from Russia is trying to accomplish a third blackout in Ukraine. The most notable successful cyberattacks on Ukraine's power grid happened in 2015 and 2016, respectively, with just one of them confirmed to be caused by hackers.

Malware was Planted as Early as February

As per CERT-UA and the Slovakian cybersecurity firm known as ESET, the malware was planted directly on the target systems of a regional energy firm in Ukraine. Luckily, CERT-UA says that the attempted attacks were not successful.

As per CERT-UA, they were able to detect the attempted attacks in progress and stop them before an actual blackout could happen. It was also noted that the hacking group initially penetrated the electric utility in February of this year or earlier to deploy Industroyer2.

Cyberattacks Towards Ukraine Increasing

Multiple forms of "wiper malware" were also deployed by the hackers in an attempt to destroy the utility computers' data. CERT-UA announced that they were successful in catching the wiper malware before it was officially utilized.

A report by TechCrunch said that ESET gave a technical analysis regarding the attack, saying Ukraine is again the "center of cyberattacks," with hackers trying to destroy critical infrastructure. The cybersecurity firm noted that the new Industroyer campaign follows a wave of attempts using wiper malware to target numerous sectors in Ukraine.

ESET announced that they will continue to monitor the threat landscape to protect organizations against these particular "types of destructive attacks." The disruption came just a few days after the FBI tried to target a Sandworm-linked botnet targeting WatchGuard and Asus devices.

This article is owned by Tech Times

Written by Urian B.
