Attack on Kyiv Power Substation Shut Down Remote Terminals

December 17, 2016

The attack on the Pivnichna transmission facility shut down the remote terminal units that control circuit breakers. Oleksii Yasynskyi, head of research for Information Systems Security Partners in Ukraine, said the attackers belonged to several different groups that worked together. Among other things, they gathered passwords for targeted servers and workstations and created custom malware for their targets. Sandworm is suspected of deploying the Industroyer (also known as CrashOverride) malware by exploiting a vulnerability in Siemens SIPROTEC relays.

The hack was less severe than the one used in the 2015 attack, which rendered the devices inoperable and prevented engineers from remotely restoring power.


Targeted Cyberattack on Ukrainian Critical Energy Infrastructure Facility

September 5, 2023

The Computer Emergency Response Team of Ukraine (CERT-UA) recorded on Tuesday a targeted cyber attack against a critical energy infrastructure facility in the country. The advisory added that the described activity is carried out by the Russian state-sponsored APT28 hacker group. The agency confirmed that they were able to prevent any intrusion.


Russian Cyberattack Targets Water and Gas Utility Meter Manufacturer in Ukraine

August 1, 2023

Illia Vitiuk, head of the cyber department at the Security Service of Ukraine (SBU), when asked in an interview for a recent example of attacks Russia has carried out during the war, gave a previously undisclosed real-world example. He said Russia targeted a water and gas utility meter manufacturer in a supply chain attack. The SBU was able to stop the supply chain attack before it had real-world consequences.

The SBU went on to explain that the attack was targeted at telemetry equipment that could see and measure the consumption of water or gas. The attackers penetrated the company as a new update was about to come out. With this update, they wanted to penetrate these systems [a kind of supply chain hack similar to the SolarWinds hack in 2019].


Ukrainian Online Surveillance Cameras Allegedly Hacked by Russia to Carry Out Deadly Drone Attacks

January 2, 2024

Ukraine’s security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine’s capital, Kyiv.

The cameras were installed on residential buildings in Kyiv and were initially used by residents to monitor the surrounding area and parking lot. After hacking them, the Russian intelligence services supposedly gained remote access to the cameras, changed their viewing angles, and connected them to YouTube to stream sensitive footage.

According to Ukraine’s security service, SBU, this footage likely helped Russians direct drones and missiles toward Kyiv during a large-scale missile strike against Ukraine on Tuesday. During the attack, Russia fired almost 100 drones and missiles, primarily targeting Kyiv and Kharkiv, Ukraine’s second-largest city. At least 5 people were killed, and 129 were injured.

Since Russia invaded Ukraine in February 2022, the SBU said it has blocked about 10,000 digital security cameras that Moscow might have used to prepare for missile strikes on Ukraine.


Russian Sandworm Behind Operational Disruption of Ukraine Energy Facility in October 2022

October 12, 2022

According to Google-owned US cybersecurity firm Mandiant, the Russia-linked hacking group Sandworm was behind hacks on Ukraine's energy infrastructure during the October 2022 blackouts. The attack is a rare example of a cyber incident disrupting the physical operation of a targeted facility, according to Mandiant. There was potentially a two-month time period from when the attacker gained initial access to the SCADA system to when they developed the OT capability. Two days after the OT event, Sandworm deployed a new variant of CADDYWIPER in the victim’s IT environment to cause further disruption and potentially to remove forensic artifacts.

The techniques used during the attack show a growing maturity of Russia’s operational technology-oriented offensive cyber capabilities and overall approach to attacking such systems, Mandiant said.


‘Sandworm’ Attack Interrupts Service at 11 Telecom Providers in Ukraine

May 1, 2023

The state-sponsored Russian hacking group tracked as ‘Sandworm’ compromised eleven telecommunication service providers in Ukraine between May and September 2023. That is based on a new report by Ukraine’s Computer Emergency Response Team (CERT-UA) citing ‘public resources’ and information retrieved from some breached providers. The agency states that the Russian hackers “interfered” with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches.


225K Customers Without Power in Ukraine Power Grid Hack

December 23, 2015

On the evening of December 23, 2015, the cursor on the grid operator’s computer screen started to move on its own. Hackers had struck the power distribution company Prykarpattyaoblenergo in Ukraine, disabling one circuit breaker after another. It was a one-of-a-kind cyberattack on a power grid, and it was executed successfully. Soon after, half of the population of Ukraine’s Ivano-Frankivsk region was in the dark, without power for up to six hours. While the power was restored in a few hours, it took months for all the control centers to become fully operational again.

The hack on Ukraine’s power grid was a first-of-its-kind attack that sets an ominous precedent for the security of power grids everywhere.
