Ukrainian Cyber Agency Detects Russian Hacking Attempts to Disrupt Critical Infrastructure

Sandworm, a hacker group affiliated with Russia’s Main Directorate of the General Staff of the Armed Forces (GRU), has attempted to target a dozen critical infrastructure enterprises across Ukraine to disrupt the energy, water and heating supply.

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the hacks were ultimately aimed at disabling the information and communication systems (ICS) of a dozen enterprises in 10 Ukrainian regions by first targeting companies within the supply chains and obtaining primary access to the system.

“The final plan of the enemy was to disable the ICS equipment, which should cause even more damage to Ukraine against the background of spring missile attacks on critical infrastructure,” reads the agency’s report.

The agency called for Ukrainians to “take measures to protect themselves and their data” and gave a list of recommendations to safeguard their cybersecurity, such as using multi-factor authentication and implementing a “zero trust” approach that requires strict verification while granting any user access for enterprises.

It’s believed the Sandworm group was also behind the infamous NotPetya attack, a malware disguised as ransomware that demands payment from victims, but in reality, has no functioning recovery feature and would simply erase user data regardless of payment.

Other Topics of Interest

Russia’s Air Defense Problems Are Growing

Moscow did not expect such a war at the start of the full-scale invasion. Now many Russians have gone into panic mode as they watch Ukrainian drones hit targets in Russia almost at will. It seems the tables have turned and Moscow is now on the back foot, forced to adapt to how Ukrainians have managed to scale up quantities of relatively cheap drones to inflict heavy damage on Russia’s air defense capabilities.

Cyberattacks have been commonplace throughout the war in Ukraine, with hacker groups affiliated with either government launching cyberattacks on private enterprises and critical infrastructure.

In December, another Russian hacker group launched one of the largest cyberattacks on Ukraine to date against Ukraine’s telecom giant Kyivstar. The attack destroyed part of Kyivstar’s infrastructure and left thousands without internet access for days. The hack also reportedly disrupted the air siren warning system in some regions, where sirens were not activated prior to Russian airstrikes.