18 April 2022

Russia targets Ukrainian power grid

Adam Segal


The Ukrainian Computer Emergency Response Team (CERT-UA) and the cybersecurity firm ESET revealed that Russian-linked Sandworm hackers targeted high-voltage electrical substations in Ukraine with malware. The attackers targeted the substations with a novel variant of the Industroyer malware, dubbed Industroyer2, which interacts with industrial control systems that manage the flow of power. This mirrors 2015 and 2016 campaigns conducted by Sandworm in which attackers used Industroyer malware to cause blackouts in Kyiv. While Ukrainian authorities claimed there was no damage to the power grid in this case, there were some reports of damage in electrical substations. There is evidence that the hackers may have infiltrated the target systems as early as February, lying in wait until the scheduled attack on April 8. The hackers also deployed multiple strains of wiper malware to other systems, including CaddyWiper, which was recently found inside the systems of Ukrainian banks.
