Ukraine says potent Russian hack against power grid thwarted

Apr 12, 2022, 8:54 AM | Updated: Apr 15, 2022, 12:27 pm

FILE - A woman walks with a power plant in the background, in Vinnytsia, Ukraine, March 16, 2022. Ukrainian officials say Russian military hackers tried to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled. However, the Ukrainians say the Russian hackers succeeded in penetrating and disrupting the industrial control system of one power station. The Ukrainians say the defenders were able to thwart any power loss. (AP Photo/Rodrigo Abd, File)

BOSTON (AP) — Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, customized to target multiple substations, officials said. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers. The helpers include keyboard warriors from U.S. Cyber Command, which declined comment.

The Computer Emergency Response Team of Ukraine thanked Microsoft and the cybersecurity firm ESET for their assistance in dealing with the power grid attack in a bulletin posted online.

Officials said the destructive attacks had been planned at least since March 23, and Zhora speculated it was timed by Russia to “invigorate” its soldiers after they took heavy losses in a failed bid to capture Kyiv, the capital.

Zhora stressed that Russian cyberattacks have not successfully knocked out any power to Ukrainians since this invasion began.

GRU hackers from a group that researchers call Sandworm twice successfully attacked Ukraine’s power grid — in the winters of 2015 and 2016. U.S. prosecutors indicted six GRU officials in 2020 for using a previous version of the Industroyer malware to attack Ukraine’s power grid by gaining control of electrical substation switches and circuit breakers.

In the 2016 attack, Sandworm hackers used Industroyer to turn circuit breakers on and off in a sequence designed to create a blackout, said Jean-Ian Boutin, director of threat research at ESET.

“We know that Industroyer still has the capability to turn off circuit breakers,” he said.

Working closely with Ukrainian responders, ESET also determined that the attackers had infected networks at the targeted plants with disk-wiping software.

Successfully activating the malware would have rendered plant systems inoperable, seriously hindering remediation and recovery and destroying the attackers’ digital footprints, Boutin said.

One of the destructive malware varieties used in the attack, dubbed CaddyWiper, was first discovered by ESET in mid-March being used against a Ukrainian bank, he said.

Western prosecutors blame Sandworm for a series of high-profile cyberattacks including the most destructive, the 2017 NotPetya wiper virus that caused more than $10 billion in damage globally by destroying data on entire networks of computers of companies doing business in Ukraine including those belonging to the shipper Maersk and the pharmaceutical company Merck.

Russia’s use of cyberattacks against Ukrainian infrastructure during its invasion has been limited compared with experts’ pre-war expectations. In the early hours of the war, however, an attack Ukraine blames on Russia knocked offline an important satellite communications link that also impacted tens of thousands of Europeans from France to Poland.

In another serious cyberattack of the war, hackers knocked offline the internet and cellular service of a major telecommunications company that serves the military, Ukrtelecom, for most of the day on March 28.

Zhora said “the potential of Russian (state-backed) hackers has been overestimated” and cited a number of reasons why he believes cyberattacks have not played a major role in the conflict:

— When the aggressor is pummeling civilian targets with bombs and rockets there is little need to hide behind covert cyberactivity.

— Ukraine has significantly upped its cyber defenses with the help of volunteers from sympathetic countries.

— Attacks as sophisticated as this effort to knock out power are complex and tend to require a lot of time.

“This is not an easy thing to do,” Zhora said.

Ukraine has been under steady Russian cyberattack for the past eight years, with Zhora noting that the attacks have tripled since the invasion when compared with the same period last year.

Russia has said its invasion was needed to protect civilians in eastern Ukraine, a false claim the U.S. had predicted Russia would make as a pretext for the invasion. Ukraine has called Russia’s assault a “war of aggression,” saying it “will defend itself and will win.”

___

Associated Press writer Alan Suderman in Richmond, Virginia, contributed to this report.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
