The cyberattack appears to have been thwarted, and the Ukrainian government Computer Emergency Response Team said it had prevented the attackers from “carrying out [their] malicious intent.” Victor Zhora, a senior Ukrainian cybersecurity official, told CNN that the hack attempt did not affect the provision of electricity at the power company.
It’s the type of advanced cyberattack that many US officials and cybersecurity analysts predicted would accompany Russia’s invasion of Ukraine.
“A lot of people were expecting something like this to happen, with critical infrastructure targeted by really advanced malware,” Jean-Ian Boutin, ESET’s director of threat research, told CNN.
While this hack may have been thwarted, prior Sandworm hacks in Ukraine have been disruptive.
A 2015 cyberattack that US officials pinned on Sandworm cut power for about a quarter million people in Ukraine. A follow-up hack in 2016 on an electrical substation outside of Kyiv caused a smaller blackout and the malicious code used was more sophisticated, according to analysts.
The hacking tool used in the recent attempted cyberattack on the Ukrainian power company was a variation of the malicious software known as Industroyer that was used in the 2016 hack, ESET researchers said.
“It is something that we don’t see often. And the fact that Industroyer was used years ago … this is very significant,” Boutin said.
US officials have been closely monitoring suspected Russian cyberattacks against Ukrainian critical infrastructure before and after Russia’s invasion on February 24. The White House on February 18 blamed a separate hacking incident, which temporarily knocked Ukrainian government and bank websites offline, on the GRU.
CNN has reached out the White House for comment on the alleged hacking attempt against the Ukrainian power company.