A large-scale cyber attack on the energy sector was averted in Ukraine / focus.ua
The computer emergency response team reported a cyber attack on Ukrainian energy facilities. Luckily, it was averted.
CERT-UA is the government computer emergency response team operating under the State Service for Special Communications and Information Protection. It reported a cyber attack by the Sandworm group (UAC-0082) on Ukrainian energy facilities.
Cyber attack on energy sector averted
The attackers planned to use Industroyer2 and CaddyWiper malware. Their plan involved disabling several infrastructure elements of the target, namely:
- Electrical substations – using the Industroyer2 malware. Each executable contained a statically specified set of unique parameters for the respective substations.
- Computers running the Windows operating system (user computers, servers, and workstations of automated process control systems) – using the destructive malware CaddyWiper.
- Server equipment running the Linux operating system – using malicious destructive scripts.
- Active network equipment.
Targeted organization suffered 2 attacks
The victim organization is known to have suffered two waves of attacks. The initial compromise took place no later than February 2022. On the evening of April 8, the attackers planned to shut down electrical substations and disable the enterprise's infrastructure, but the attack was prevented from being carried out.
To determine whether other organizations in Ukraine face a similar threat, information, including malware samples, was shared with international partners and with enterprises in Ukraine's energy sector.