An attack on Ukraine's power grid was foiled by cyber security analysts and officials, as reported by Reuters. After investigating the method and software used by the attackers, cyber security firm ESET says that it was likely carried out by a hacking group called Sandworm, which The Record reports allegedly has ties to the Russian government.
The group planned to shut down computers that controlled substations and infrastructure belonging to a particular power company, according to the Computer Emergency Response Team of Ukraine. The hackers meant to cut off power on April 8th while also wiping the computers that would be used to try to get the grid back online.
This attempted attack involved a wide variety of malware, according to ESET, including the recently discovered CaddyWiper. ESET also found a new piece of malware, which it calls Industroyer2. The original Industroyer was used in a successful 2016 cyber attack that cut off power in parts of Kyiv, according to the security firm, probably by the same group behind this month's foiled attack. Industroyer is not widely used by hackers; ESET notes that it has not seen it used twice, which implies that it is written for very specific uses.
It is unclear how the hackers initially got into the company's network or how they gained access to the network that controls industrial equipment like the targeted substations. The analysis does show, however, that the hackers were planning on covering their tracks after the attack. Ukraine and its infrastructure have been targeted by hackers since before the Russian invasion began. It is likely that this won't be the last attack on its power grid.