Russia improves methods of attacking Ukraine's energy sector by carrying out cyberattacks

Friday, 10 November 2023, 12:36

Sandworm, a Russian hacker group from the GRU military unit 74455, is trying to use new methods to turn off power plants in Ukraine.

Source: a study by Mandiant, an American cybersecurity company.

Details: According to experts, Russian hackers have been studying Ukrainian energy networks for months.

It is noted that they even managed to turn off the circuit breakers at one of the substations in Ukraine in late 2022. The two incidents allegedly occurred on 10 and 12 October 2022.

However, an analysis of the cyberattack showed that hackers had access to the system at least two to three months before.

At the same time, Russian troops launched missile attacks on Ukraine's critical infrastructure facilities [on 10 October 2022, for the first time ever Russia carried out a large-scale attack on the energy system of Ukraine – ed.].

The study notes that Russia continues to increase investments in cyber capabilities focused on damaging operating systems.

"Russia's cyber-physical attacks have become increasingly visible since Russia's invasion of Ukraine," Mandiant said.

Experts say the shutdown of one of the substations indicates the evolution of the Russian arsenal of offensive operational technologies, including their use for attacks on infrastructure.

In addition, the espionage operations of Russian cyber experts are global in scale, which illustrates the far-reaching ambitions and interests of the Russian military.

Investigators suggest that we may be talking about several hacker groups, since sometimes there is a lack of coordination between different individuals or operational subgroups involved in the attack.

Experts also point to a threat to Ukrainian critical infrastructure environments that use the MicroSCADA dispatch control system.

Background: 

Earlier, the State Service of Special Communications and Information Protection of Ukraine concluded that the Armageddon/Gamaredon group carried out the most cyber attacks on Ukraine (more than 100 in 2022 alone).

A distinctive feature of the group's phishing mailings is their high level of preparation: knowledge of the Ukrainian context and an understanding of how specific organisations work.

This group attacks the public sector, state enterprises, the security and defence sector and law enforcement agencies.

The group includes former officers of the Security Service of Ukraine in the Autonomous Republic of Crimea.
