Ukraine has accused a Russian spy agency of carrying out a cyber attack intended to shut down part of its electricity grid.
Russian cyber-attackers created customised malicious software intended to disconnect high-voltage substations belonging to a Ukrainian power company.
The country’s Computer Emergency Response Team, which defends against foreign hackers, said: “The idea of the attackers involved the decommissioning of several infrastructural elements.”
A malicious software “bomb” was set to digitally detonate last Friday, the team said. The bomb consisted of so-called “wiper” malware that deletes all files on computers it infects.
Such malware has previously been used by Russia, but this is thought to be the first time since the February invasion that it has been used against critical infrastructure.
Slovakian cyber security company ESET, which helped the Ukrainians detect and remove the Russian malware, said its staff had seen “several destructive malware families” being deployed.
ESET believes the malware gave the Russians access to the electricity company’s industrial control systems, which operate generators, switchgear and other critical equipment.
Such systems are supposed to be well protected from outside access because of the severe consequences if a malicious party interferes with them.
Ukraine named the attackers as Sandworm, a well-known cyber security threat group. Sandworm has previously been identified by the Foreign Office as a unit of the Russian GRU spy agency called the Main Centre for Special Technologies.
Within Russia the centre is known as Unit 74455, the Foreign Office said in 2020.
The Ukrainian CERT said the Russians had infiltrated the electricity generation company’s computer networks “no later than February 2022”, the month when Russia invaded Ukraine.
Malware planted by the Russians was tailored to cause maximum damage through a set of “unique parameters for the respective substations”.
Russia honed its hackers’ skills against electricity infrastructure in a series of attacks against the Ukrainian grid several years ago.
Its first effort in 2015 cut power to 80,000 customers for six hours. A follow-up in 2016 saw a fifth of Kyiv residents lose power for an hour.
Experts have previously said that cyberattacks on electricity grids, while harmful and high profile, are unlikely to have long-lasting ramifications.