By James Pearson
LONDON (Reuters) -Russian cyber spies were behind a hack which disrupted part of Ukraine's power grid in late 2022 in a rare and advanced form of cyberwarfare, U.S. cybersecurity firm Mandiant, part of Google (NASDAQ:GOOGL), said in a report on Thursday.
Ukraine's SBU, the country's main intelligence agency, confirmed in a statement to Reuters that Russian hackers had struck a facility near its frontline with Russia.
Successful hacks against industrial control systems are relatively unique, with Russia being one of the few countries with the capability to carry out such cyberattacks.
“This attack represents the latest evolution in Russia’s cyber physical attack capability, which has been increasingly visible since Russia’s invasion of Ukraine,” said the report, which did not identify the specific facility against which the attack had been carried out.
Last October, a massive wave of Russian missile strikes on Ukraine's power network caused blackouts in many parts of the country, prompting Kyiv to halt power exports and leaving four regions temporarily without electricity.
The hacking group, known in cybersecurity research circles by the moniker “Sandworm”, was able to cause a power cut in an unidentified area of Ukraine by tripping circuit breakers at an electrical substation at the same time as the missile strike, the report said. The group then deployed data-wiping malware in a bid to cover their tracks, the report added.
Sandworm has been previously identified as a cyberwarfare unit of Russia’s GRU military intelligence agency.
Russia’s foreign ministry did not respond to a request for comment. The GRU could not be reached for comment.
Ukraine’s foreign ministry did not provide comment.
The SBU said Sandworm was behind the cyberattack and that the group was staffed by GRU officers. The attack was likely carried out to maximise the impact of Russian missile strikes, Illia Vitiuk, head of the agency's cybersecurity department, said in a statement.
Sandworm hackers rose to prominence in 2015 after a separate cyberattack against Ukraine’s power grid, which cut off power for around 255,000 people. The disruptive digital intrusion was widely considered to be one of the first known successful cyberattacks against a power network.
“There have only been a handful of incidents similar to this, with the majority carried out by Sandworm,” Mandiant analyst Nathan Brubaker said.