BOSTON (AP) — Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack, but were foiled, Ukrainian government officials said Tuesday.
The officials said that at a power station, hackers managed to penetrate and disrupt part of the industrial control system, but the people defending the station were able to prevent power outages.
“The threat was serious, but it was stopped in time,” Viktor Zhora, a top Ukrainian cybersecurity official, told reporters via an interpreter. “Looks like we were very lucky.”
Officials said hackers from Russia’s GRU military intelligence agency used an improved, more sophisticated version of malware first seen in an attempt to knock out power in Kyiv in 2016, designed to target multiple substations.
Officials did not specify how many substations were targeted, citing safety concerns, but a deputy energy minister, Farid Safarov, said “if it was successful there would be 2 million people without electricity.”
Zhora, deputy chair of the State Service of Special Communications, said the malware was programmed to shut off power on Friday evening as people returned home from work and turned on news reports.
He said the power grid's networks were penetrated before the end of February, when Russia invaded, and the attackers later uploaded malware, dubbed Industroyer2. The malware succeeded in disrupting a component of the affected power station’s management system.
Zhora would not give more details or explain how the attack was defeated or which partners may have directly aided. He acknowledged the depth of international aid Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of the attackers.
Ukraine’s Computer Emergency Response Team thanked Microsoft and cybersecurity firm ESET for their assistance in dealing with the power grid attack in a bulletin posted online. ESET said in a blog post that the devastating attacks had been planned for at least two weeks.
GRU hackers successfully attacked Ukraine’s power grid twice, in the winters of 2015 and 2016. US prosecutors charged six GRU officials in 2020 with using a previous version of the industrial malware to attack Ukraine’s power grid by gaining control of electrical substation switches and circuit breakers.
Russia’s use of cyberattacks against Ukraine’s infrastructure has been limited compared with the pre-war expectations of experts. In the early hours of the war, however, Ukraine blamed Russia for an attack that knocked offline a vital satellite communications link, which also affected thousands of Europeans from France to Poland.
In another serious cyberattack of the war, hackers knocked offline the internet and cellular service of Ukrtelecom, a major telecommunications company that serves the military, for most of the day on March 28.
Zhora said “the potential of Russian (state-backed) hackers has been underestimated” and cited several reasons why he believes cyberattacks have not played a major role in the conflict:
– There is no need to hide behind covert cyber activity when the attacker is hitting civilian targets with bombs and rockets.
– Ukraine has significantly increased its cyber security with the help of volunteers from sympathetic countries.
– Attacks as sophisticated as this attempt to knock out power are complex and take a lot of time.
“It’s not an easy thing to do,” said Zhora.
Ukraine has been under constant Russian cyberattack for the past eight years, with Zhora noting that attacks have tripled since the invasion compared to the same period last year.
Russia has said that its invasion was necessary to protect civilians in eastern Ukraine, a false claim that the US had predicted Russia would make as a pretext for invasion. Ukraine called Russia’s attack a “war of aggression” and said it would “defend and win.”