Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures

The Ukrainian government on Monday warned of “massive cyberattacks” by Russia targeting critical infrastructure facilities in Ukraine and in the countries of its allies.

The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said.

“By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine,” the agency said in a brief advisory.

GUR also cautioned of intensified distributed denial-of-service (DDoS) attacks aimed at the critical infrastructure of Ukraine’s closest allies, chiefly Poland and the Baltic states of Estonia, Latvia, and Lithuania.

It’s not immediately clear what prompted the intelligence agency to issue the notice, but Ukraine has been at the receiving end of disruptive and destructive cyberattacks since the onset of the Russo-Ukrainian war earlier this February.

Even prior to that, a Russian state-sponsored group tracked as Sandworm (aka Voodoo Bear) orchestrated the 2015 and 2016 targeting of the Ukrainian power grids, causing over 225,000 Ukrainians to lose electricity during the month of December.

While the first attack involved the use of a revamped variant of a malware called BlackEnergy, the December 2016 intrusions notably made use of a custom malware known as Industroyer (aka CrashOverRide) that’s specifically designed to sabotage critical infrastructure systems.

In the aftermath of the Russian military invasion of Ukraine, the Computer Emergency Response Team (CERT-UA) disclosed in April that it had fielded an attack targeting an unnamed energy provider that utilized an updated version of the Industroyer malware.

Sandworm, for its part, has been most recently observed masquerading as Ukrainian telecom operators such as Datagroup and EuroTransTelecom to deliver payloads like Colibri loader and Warzone RAT.

Microsoft, in June, also warned of rising Russian cyberattacks, stating that threat actors were not only going after government systems but also prioritizing other sectors as part of their espionage efforts, including think tanks, IT firms, and energy companies.
