Nozomi Networks has provided insights from Ukraine’s defeat of a Russian cyberattack attempting to disrupt critical infrastructure. The hackers were targeting the electricity grid and related facilities, which would have severely damaged Ukraine’s defences.
The attack, believed to be carried out by a Russian military supported group called ‘Sandworm’, is another effort to shut down Ukraine’s key systems. Sandworm’s strategy is to infiltrate systems and lie in wait for several weeks. This strategy can be particularly damaging as hackers may gain access to a wide range of services and facilities before detection. Nozomi says critical infrastructure operators should now be on the lookout for strange activity.
Chris Grove, Director, Cybersecurity Strategy, Nozomi Networks, commented: “The nature of this attack is one that everyone in the international critical infrastructure community should note, as it’s one of a handful of attacks that has directly hit Operational Technology (OT) systems.
“According to Nozomi Networks Labs, there have been reports of some hardcoded IPs in the malware sample, which is an indication that the threat actors had intimate knowledge of the environment they were deploying this in. Much like the similar malware that Sandworm deployed in Ukraine in 2016, industrial control systems (ICS) operators must monitor their networks for any strange activity, as Russian tactics prove to sit in environments for weeks to months before executing these attacks.”
Click below to share this article