Tag Archive for: Grid

Sandworm targets Ukrainian power grid. CISA warns of ICS malware. Updates on Hafnium activity.

/in


Sandworm targets Ukrainian power grid.

Sandworm, also known as Voodoo Bear, and in the org charts Unit 74455 of Russia’s GRU, has deployed CaddyWiper destructive malware and an Industroyer variant being called, simply, “Industroyer2.” ESET tweeted the results of its findings early Tuesday morning, and provided additional details in a report also published Tuesday. “ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company. The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks. The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems. We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine. We assess with high confidence that the APT group Sandworm is responsible for this new attack.”

The incident seems, at first look, an attempted repetition of the 2016 Russian cyberattacks against the Ukrainian grid that ESET mentioned in its report. CERT-UA offered a further description of the attack. It intended to use Industroyer2 against “high-voltage electrical substations” in a fashion tailored to the individual substations. CaddyWiper was used against Windows systems (including automated workstations), and other “destructive scripts” (OrcShred, SoloShred, and AwfulShred) were deployed against Linux systems.

The GRU’s attempt against the Ukrainian power grid appears to be the cyberattack most people were expecting back in February, especially because of the way it tracked earlier GRU takedowns of sections of Ukraine’s power grid. It also appears to have failed, and that failure may be attributed in part to successful Ukrainian defenses as well as to the methods Russia chose to use. In cyberspace as well as on the ground, Ukraine appears to have proved a tougher opponent than Russia expected.

CISA warns of ICS malware.

Late Wednesday the US Cybersecurity and Infrastructure Security Agency (CISA) announced that, with its partners in “the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of…

Source…

Ukraine Says It Thwarted a Sophisticated Russian Cyberattack on Its Power Grid

/in


The attackers may have broken into the electrical company’s systems as early as February, Ukrainian officials said, but they emphasized that some details of the attack, including how the intruders made their way into the company’s systems, were not yet known.

Officials declined to name the company that suffered the breach and the region its substations are in, citing fears of continuing cyberattacks.

“It is self-evident that the aggressor’s team, the malefactors, had enough time to get prepared very thoroughly and they planned the execution on a sophisticated, high-quality level,” said Victor Zhora, the deputy head of Ukraine’s cybersecurity agency, the State Service of Special Communications and Information Protection. “It looks that we have been very lucky that we were able to respond in a timely manner to this cyberattack.”

Ukrainian companies in finance, media and energy have been subject to regular cyberattacks since the war began, according to Mr. Zhora. His agency said that since Russia’s invasion began, it had recorded three times as many attacks as it had tracked in the previous year.

The use of wiper malware has become a persistent problem in Ukraine since the war began, with attacks hitting Ukrainian critical infrastructure, including government agencies responsible for food safety, finance and law enforcement, cybersecurity researchers said.

Hackers have also broken into communications systems, including satellite communication services and telecom companies. Investigations into those breaches are continuing, although cybersecurity…

Source…

Ukraine says potent Russian hack against power grid thwarted – FOX23 News

/in


BOSTON — (AP) — Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, officials said, that was customized to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers. The helpers include keyboard warriors from U.S. Cybercommand, which declined comment.

The Computer Emergency Response Team of Ukraine thanked Microsoft…

Source…

Ukraine says potent Russian hack against power grid thwarted – WSOC TV

/in


BOSTON — (AP) — Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, officials said, that was customized to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers. The helpers include keyboard warriors from U.S. Cybercommand, which declined comment.

The Computer Emergency Response Team of Ukraine thanked Microsoft…

Source…