Russia’s Sandworm hackers attempted a third blackout in Ukraine
Several years after the Russian state-sponsored hacking group Sandworm targeted an electrical transmission station north of Kyiv in 2016, the hackers are targeting Ukraine’s industrial grid again. In 2016, Russian hackers used a unique, automated piece of code to interact directly with circuit breakers and shut off lights to a small portion of Ukraine’s capital city. This month, the Ukrainian Computer Emergency Response Team (CERT-UA) reported that the Sandworm hacking group had targeted high-voltage electrical substations in Ukraine.
The group allegedly used a variation of a piece of malware called Industroyer. Cybersecurity firm ESET also released an advisory regarding the group, which has been confirmed to be Unit 74455 of Russia’s GRU military intelligence agency. The new malware can interact directly with the equipment in electrical utilities to deliver commands to substation devices that direct the flow of power. This means that Russia could be looking to attempt a third blackout in Ukraine amid its invasion of the country and ongoing conflict.