Russian military hackers tried and failed to attack Ukraine’s energy infrastructure last week, the country’s government and a major cybersecurity company said Tuesday.
The attack was designed to infiltrate computers connected to multiple substations, then delete all files, which would shut that infrastructure down, according to Ukraine’s summary of the incident.
ESET, a Slovakia-based cybersecurity company working to help secure Ukrainian infrastructure, said in a summary of the attack that it was conducted by the same arm of Russia’s military intelligence agency, GRU, that had executed similar attacks successfully in 2014 and 2015. In both of those incidents, some residents of Kyiv temporarily lost power. This attack had been planned for at least two weeks, ESET said.
The attack adds to a growing number of efforts by Russia to target crucial Ukrainian infrastructure, some of which have been successful. Ukraine has faced multiple “wiper” attacks, including ones that have targeted computers in Ukraine’s government, financial institutions and internet service providers. Those attacks also look to mass-delete files from hacked computers. Russia has succeeded in hampering some of the country’s internet providers.
But a destructive hack of energy infrastructure is among the most aggressive possible cyberattacks in a government’s arsenal. A successful attack would have had wide impact and been the most visible cyberattack on Ukrainian infrastructure since Russia’s invasion started.
Viktor Zhora, a top Ukrainian cybersecurity official, said in a news conference held over the video conferencing platform Zoom that the malware successfully infiltrated some computers in Ukraine’s energy sector and caused disruptions at one facility. But that was quickly remedied and no customers lost power, he said.
The effective defense came from a combined team of information technology staffers, Ukrainian intelligence officers, ESET and Microsoft, which is also helping defend Ukraine from hackers, Zhora said.
Zhora declined to name the electrical company or the region where it operates, but said the company provides electricity for an area where millions of people live.
Ciaran Martin, the former head of the U.K.’s National Cyber Security Centre, said the attack was in line with previous Russian hacking attempts.
“This is the sort of operation Russia carried out on more than one occasion between the annexation of Crimea in 2014 and the full invasion this year,” Martin said in a text message. “It’s just a more rushed version and, it seems, an entirely unsuccessful one thanks in part to excellent cyber defense work.”
John Hultquist, vice president of intelligence at the cybersecurity company Mandiant, praised Ukraine’s defenses.
“Any move by Ukraine to stop a major attack like this, given the circumstances, is an outstanding success. The fact that they’re still defending their networks under these conditions is incredible,” Hultquist said.
The attack “would have added to the enormous suffering that Ukrainians are already enduring” if it had gone according to plan, he said.