According to cybersecurity vendor ESET, a Ukrainian energy supplier has been targeted by a new variant of the Industroyer malware, Industroyer2. ESET discovered the cyberattack in collaboration with the Ukrainian Computer Emergency Response Team (CERT-UA). The malware is primarily used by the Sandworm APT group, which is linked to the Russian state security services; it was detected in an attack against Kiev in 2016 that cut power services to the country. In its latest campaign, Sandworm attempted to mimic its 2016 attack, targeting the Ukrainian energy sector.
The attack consisted of using Industroyer against high-voltage electrical substations in Ukraine with the goal of triggering power outages. According to ESET, the malware was scheduled to be executed on April 8, 2022. Sandworm does not use only Industroyer, however, and has been known to deploy CaddyWiper to erase traces of Industroyer. CaddyWiper was used in an attack on the network of a Ukrainian bank in March. CERT-UA and ESET were able to remediate the attack, and the incident is still under investigation.