April 12, 2022 / 4:49 PM

Ukraine defends electrical grid against Russian Sandworm cyberattack

By Simon Druker
Ukraine successfully thwarted an attack on its electrical grid by a cybersecurity outlet of the Russian military, the country confirmed on Tuesday. Photo courtesy Computer Emergency Response Team of Ukraine

April 12 (UPI) -- Ukraine successfully thwarted an attempt by Russian hackers to damage its electrical grid, the country confirmed Tuesday.

Hackers aimed to damage or decommission several major elements, including high-voltage electrical substations, Ukraine's Governmental Computer Emergency Response Team said in a statement.

"The decommissioning of the company's infrastructure was scheduled for Friday evening, April 8, 2022. At the same time, the implementation of the malicious plan has so far been prevented," the agency wrote on its website.

If successful, the attack would have infiltrated computers connected to multiple substations, deleting all files and shutting down the infrastructure.

The government agency, along with Slovakian cybersecurity firm ESET, confirmed the identity of the hackers as members of the Sandworm Team, a Russian state-sponsored threat actor.

Ukraine's government worked with both ESET and Microsoft to identify and neutralize the malicious software used in the attack.

The attack was the first in five years to use Sandworm's Industroyer malware, which is designed to automatically trigger power disruptions.

Sandworm has been active since 2009 and has been traced to Russia's General Staff Main Intelligence Directorate, Main Center for Special Technologies, military unit 74455. It previously carried out attacks against Ukraine's electrical grid in 2015 and 2016.

Officials have called the attempt the most aggressive cyberattack made by Russia since 2016.

In 2020, the U.S. Department of Justice indicted six members of the group after operations in 2015 and 2016.

In late February, several Ukrainian government websites were hit with a cyberattack, a week after two local banks were targets of another attack.

