Russian cyber spies were behind a hack which disrupted part of Ukraine’s power grid in late 2022, US cybersecurity firm Mandiant, part of Google, said in a report on Thursday, in a rare and advanced form of cyberwarfare.
Successful hacks against industrial control systems are relatively unique, with Russia one of the few countries with the capabilities to carry out such cyberattacks.
“This attack represents the latest evolution in Russia’s cyber physical attack capability, which has been increasingly visible since Russia’s invasion of Ukraine,” said the report, which did not identify the specific facility against which the attack had been carried out.
Last October, a massive wave of Russian missile strikes on Ukraine’s power network caused blackouts in many parts of the country, prompting Kyiv to halt electricity exports and leaving four regions temporarily without electricity.
The hacking group, known in cybersecurity research circles by the moniker “Sandworm”, was able to cause a power cut in an unidentified area of Ukraine by tripping circuit breakers at an electrical substation at the same time as the missile strike, the report said. The group then deployed data-wiping malware in a bid to cover their tracks, the report added.
Sandworm has been previously identified as a cyberwarfare unit of Russia’s GRU military intelligence agency.
Russia’s foreign ministry did not respond to a request for comment. The GRU could not be reached for comment. Ukraine’s foreign ministry and its SBU intelligence agency did not provide comment.
Sandworm hackers rose to prominence in 2015 after a separate cyberattack against Ukraine’s power grid which cut off power for around 255,000 people. The disruptive, digital, intrusion was widely considered to be one of the first, known, successful cyberattacks against a power network.
“There have only been a handful of incidents similar to this, with the majority carried out by Sandworm,” Mandiant analyst Nathan Brubaker said.