Ukraine intercepts Russian cyberattack aimed at its power grid

Cybersecurity companies warn that criminals are using malware, phishing campaigns and cryptocurrency scams to exploit people’s concerns about the Ukraine war.

Ukrainian officials on Tuesday said the country successfully thwarted a cyberattack by Russian-backed hackers intended to disrupt the country’s electrical grid, according to news reports. 

The attempted cyberattack, which occurred last week, targeted computers controlling high-voltage substations of an energy company in Ukraine, the Computer Emergency Response Team of Ukraine said in a statement.

Ukrainian officials said a hacking group known as Sandworm was behind the attack. The hackers have been tied to Russia’s military intelligence agency, GRU.

During a press conference held on Tuesday, Viktor Zhora, a Ukrainian official, said his team was notified of a potential cyberattack on the country’s power grid, the BBC reported.

“The hackers planned the electrical outages for 8 April, to strike on Friday evening, before the weekend,” Zhora said at the press conference. “It looks like we have been extremely lucky to respond to this in a timely manner.”


Slovakia-based cybersecurity firm ESET, which investigated the attempted hack, said in a statement that the attack, which was scheduled for April 8, had been planned for at least two weeks.

The firm also attributed the hacking to Sandworm and said it was confident that the hackers used a new version of the malware that was used to shut down electricity in Ukraine in 2016.

The attempted hack follows another successful interception by Microsoft last week, which disrupted cyberattacks targeting Ukraine and organizations in the U.S. and the European Union. Microsoft tied the attacks to a Russian hacking group called Strontium, which has also been affiliated with the GRU.

The tech company said it was able to interfere with the attacks after it obtained a court order allowing it to seize control over online domains used by the hacking group. 

Last month, the U.S. Department of Justice indicted four Russian nationals alleged to have hacked energy sectors in 135 countries, including a hack of a foreign oil facility that caused two separate emergency shutdowns.

In one of the indictments against the defendants, prosecutors allege that three officers of Russia’s Federal Security Service installed malware in computer systems of several energy sectors, including nuclear power plants, oil and gas firms, and utility and power transmission companies.

In addition to launching cyberattacks against Ukraine and the West, Russia-backed hackers have also reportedly attempted to use social media platforms for cyber espionage and disinformation campaigns, according to a Facebook report released last week.

The report said the hackers, known as Ghostwriter, targeted the Ukrainian telecom industry, defense and energy sectors, tech platforms, journalists and activists. They also attempted to hack into the Facebook accounts of dozens of Ukrainian military personnel. 

Facebook, which linked the hacking group to the Belarusian KGB, said it disabled the account and stopped the disinformation campaign.