Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures
The Ukrainian government on Monday warned of “massive cyberattacks” by Russia targeting critical infrastructure facilities located in the country and that of its allies.
The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said.
“By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine,” the agency said in a brief advisory.
GUR also cautioned of intensified distributed denial-of-service (DDoS) attacks aimed at the critical infrastructure of Ukraine’s closest allies, chiefly Poland and the Baltic states of Estonia, Latvia, and Lithuania.
It’s not immediately clear what prompted the intelligence agency to issue the notice, but Ukraine has been at the receiving end of disruptive and destructive cyberattacks since the onset of the Russo-Ukrainian war earlier this February.
Even prior to that, a Russian state-sponsored group tracked as Sandworm (aka Voodoo Bear) orchestrated the 2015 and 2016 targeting of the Ukrainian power grids, causing over 225,000 Ukrainians to lose electricity during the month of December.
While the first attack involved the use of a revamped variant of a malware called BlackEnergy, the December 2016 intrusions notably made use of a custom malware known as Industroyer (aka CrashOverRide) that’s specifically designed to sabotage critical infra systems.
In the aftermath of the Russian military invasion of Ukraine, the Computer Emergency Response Team (CERT-UA) disclosed in April that it had fielded an attack targeting an unnamed energy provider that utilized an updated version of the Industroyer malware.
Sandworm, for its part, has been most recently observed masquerading as Ukrainian telecom operators such as Datagroup and EuroTransTelecom to deliver payloads like Colibri loader and Warzone RAT.
Microsoft, in June, also notified of rising Russian cyberattacks, stating that threat actors were not only going after government systems, but also prioritizing other sectors as part of its espionage efforts, including think tanks, IT firms, and energy companies.