14 April 2022

VARIETY OF MALWARE USED IN FOILED HACKER ATTACK

It’s unclear how the hackers initially got into the company’s network or how they gained access to the network that controls industrial equipment like the targeted substations. The analysis does show, however, that the hackers were planning on covering their tracks after the attack.

Ukraine says it stopped a Russian cyberattack on its power grid

Hackers have revamped a rare piece of malware specifically made to target power infrastructure

"An attack on Ukraine’s power grid was foiled by cybersecurity analysts and officials, as reported by Reuters. After investigating the methods and software used by the attackers, cybersecurity firm ESET says that it was likely carried out by a hacking group called Sandworm, which The Record reports allegedly has ties to the Russian government.

The group planned to shut down computers that controlled substations and infrastructure belonging to a particular power company, according to the Computer Emergency Response Team of Ukraine (or CERT-UA). The hackers meant to cut off power on April 8th while also wiping the computers that would be used to try and get the grid back online.

This attempted attack involved a wide variety of malware, according to ESET, including the recently discovered CaddyWiper. ESET also found a new piece of malware, which it calls Industroyer2.

The original Industroyer was used in a successful 2016 cyberattack that cut off power in parts of Kyiv, according to the security firm, probably by the same group behind this month’s foiled attack. Industroyer isn’t widely used by hackers — ESET notes that it’s only seen it used twice (earlier this month and in 2016), which implies that it’s written for very specific uses.

CERT-UA says that the hackers were biding their time, initially breaching the company’s systems before March. ESET’s analysis shows that one of the main pieces of malware was compiled over two weeks before the attack was supposed to take place. . ."

Related Articles:

Microsoft: Ukraine hit with FoxBlade malware hours before invasion

US, UK link new Cyclops Blink malware to Russian state hackers

New CaddyWiper data wiping malware hits Ukrainian networks

Hackers use Conti's leaked ransomware to attack Russian companies

Ukraine: Russian Armageddon phishing targets EU govt agencies
