Russian Hackers Suspected of Causing Major Power Grid Outage in Ukraine
Russian hackers are believed to be responsible for a significant power grid outage in Ukraine. Cybersecurity firm Mandiant, a subsidiary of Google, has discovered that the 2022 attack, which occurred in October, was the third of its kind to target Ukrainian energy systems. The breach has been linked to the Russian Main Intelligence Directorate (GRU), specifically its digital warfare unit known as Sandworm.
Mandiant has referred to the attack as a novel attack that resulted in widespread blackouts across Ukraine. As a result, Kyiv had to suspend power exports temporarily, leaving four regions without electricity. Notably, this power outage coincided with multiple missile strikes on Ukraine’s critical infrastructure.
The attack unfolded in two phases. The first phase involved leveraging Ukraine’s operational technology (OT) to trigger the country’s circuit breakers, causing the initial power disruption. The second phase involved the use of a malware known as CaddyWiper, which effectively erased any trace of Sandworm’s activities and also wiped out victim data.
Mandiant emphasizes that this cyber assault on Ukraine’s power grid indicates that Russia possesses an advanced offensive cyber arsenal. It suggests that Moscow has the ability to identify different threat types, develop new cyber capabilities, and exploit various OT infrastructures for attacks.
Although Mandiant was unable to determine the exact entry point of the attack, its analysis points to the possibility that the OT component of the attack was developed in as little as two months. This suggests that the actors behind the attack have the capacity to quickly develop similar capabilities to target OT systems produced by different original equipment manufacturers (OEMs) worldwide.
Ukraine has confirmed the occurrence of the attacks, with Ukrainian Cyber Defense Agency Head Victor Zhora stating that they were likely carried out to maximize the impact of Russian missile strikes. Zhora further warned that Russia seems intent on focusing its cyber and kinetic assaults on civilian targets, particularly critical infrastructure. He urges increased preparedness and vigilance to counter such attacks in the coming months.
