“We were very lucky.” At a press conference, the deputy director of the agency responsible for cybersecurity in Ukraine, Viktor Zhora, did not hide his relief. Ukrainian authorities announced on Tuesday, April 12, that they had thwarted, in recent days, a computer attack designed to deprive “millions” of Ukrainians of electricity.
The Kyiv authorities had in fact discovered, in the networks of the company responsible for supplying electricity to a Ukrainian region, malicious software programmed to cut off the electricity supply on Friday, April 8, shortly after 7:00 p.m.
Discovered in time and deactivated, the computer attack had no effect, according to the Ukrainian authorities. “But the planned disruption was huge”, according to Mr. Zhora. A document published by MIT Technology Review, presented as coming from the Ukrainian government, undated and describing events very close to those publicly mentioned by Kyiv, nevertheless specifies that the attack managed to “temporarily shut down nine electrical substations”.
One of the most important regions of the country.
The authorities did not want to specify which company was targeted or the region in question, except that the latter was one of the largest in the country, according to Farid Safarov, deputy energy minister.
It all started a few days ago with a notice received by the Ukrainian authorities from a “partner” – Kyiv did not want to specify who – about the possible compromise of part of the Ukrainian power grid.
Quickly, the Ukrainian experts discovered that a company in the sector had indeed been infected, and had been for at least several weeks. The infection first targeted its “classic” office network, on which so-called “wiper” software was discovered, designed to wipe data and render computer systems inoperable. One of them, nicknamed “CaddyWiper”, had already been detected on the networks of a bank and a Ukrainian government entity, without causing appreciable damage.
In addition to this office network, the one dedicated to controlling the electrical grid was also in the crosshairs. There the authorities discovered software that, according to the Slovak company ESET, a benchmark in the digital security of industrial systems which was able to analyze the attack directly, bears very clear resemblances to another, older virus called “Industroyer”. The latter was deployed in 2016 in the Kyiv region and had deprived tens of thousands of Ukrainian homes of electricity in the dead of winter. It had not been heard of for five years.
Its successor, logically called “Industroyer2” by the Ukrainian authorities and the ESET company, marks a clear increase in the sophistication of the computer attacks targeting Ukraine. Since the beginning of the Russian invasion, the low intensity of the (numerous) attacks had surprised many experts. In recent weeks, the Ukrainian authorities and specialized companies have regularly announced the discovery of malicious software, without the latter causing significant damage.
Russian military intelligence on the move
This attack seemed, on the contrary, designed to inflict maximum damage, in a sector “of critical importance to the life of this country”, in the words of Mr. Zhora. The study of the attack carried out by ESET also reveals that the hackers had taken measures to erase all their traces, once the hostilities began.
According to the company – but also to the Ukrainian authorities – the authors of Industroyer2 are the same as those of its predecessor: Unit 74455 of the GRU, the Russian military intelligence service, various members of which have already been indicted by US courts, accused of having carried out large-scale attacks over the last ten years, in particular against Ukraine.
This discovery confirms the rise of the GRU, one of the main troublemakers in cyberspace, on the digital side of the Russian invasion of Ukraine. It also shows that the Russian security apparatus is far from having abandoned its attempts to attack the energy sector. Not long ago, the US justice system accused several people, members of the FSB, the Russian security services, of being behind a group of hackers who have attacked many companies in the sector in recent years.
This computer attack could foreshadow others as the Russian military prepares for the second phase of its invasion. For Mr. Zhora, the attack, which should have taken place only a few days ago, was supposed to “reinforce the hostility of the soldiers who continue to kill the civilian population” and who are now directing their weapons towards the Donbass.