London (Reuters) – Ukraine said on Tuesday it had thwarted an attempt by Russian hackers to damage its electricity grid last week with a cyberattack.
“This is a military hacking team,” said government spokesman Victor Zhora. “Their aim was to disable a number of facilities, including electricity substations.”
“They did not succeed, and we’re investigating.”
Kyiv blamed the attack on a group dubbed “Sandworm” by researchers and previously tied to cyberattacks attributed to Russia.
The Computer Emergency Response Team of Ukraine (CERT-UA) said in a statement the hackers had targeted computers controlling high voltage substations in Ukraine, belonging to an energy company which CERT-UA did not identify.
The hackers had struck in two waves, first compromising the power network no later than February, before the second attack, which included a plan to shut substations and harm infrastructure last Friday evening, it said.
Ukraine managed to prevent the attack from taking place, and there was no damage to the grid.
Russian officials could not be immediately reached for comment. Moscow has consistently denied accusations it has launched cyberattacks on Ukraine.
Slovakian cybersecurity firm ESET, which said it had worked with Ukraine to foil the attack, described the malware as an upgraded version of a programme which had caused power blackouts in Kyiv in 2016.
One piece of malware was designed to take over computer networks at the energy provider “in order to cut power”, while a second program was deployed to wipe out data to slow attempts to get power back online.
“Sandworm is an apex predator, capable of serious operations, but they aren’t infallible,” John Hultquist of U.S. cybersecurity firm Mandiant said.
“It’s increasingly clear that one of the reasons attacks in Ukraine have been moderated is because defenders there are very aggressive and very good at confronting Russian actors.”