Russian Hackers Tried Attacking Ukraine's Power Grid with Industroyer2 Malware
"The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment," The State Service of Special Communications and Information Protection of Ukraine said in a statement.
Slovak cybersecurity firm ESET, which collaborated with CERT-UA to analyze the attack, said the attempted intrusion involved the use of ICS-capable malware and regular disk wipers, with the adversary unleashing an updated variant of the Industroyer malware, which was first deployed in a 2016 assault on Ukraine's power grid.
"The Sandworm attackers made an attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine," ESET explained.
"In addition to Industroyer2, Sandworm used several destructive malware families including CaddyWiper, OrcShred, SoloShred, and AwfulShred."
The victim's power grid network is believed to have been penetrated in two waves: an initial compromise occurring no later than February 2022, coinciding with the Russian invasion of Ukraine, and a follow-on infiltration in April that allowed the attackers to upload Industroyer2.
Alongside Industroyer2 and CaddyWiper, the targeted energy provider's network is also said to have been infected by a Linux worm called OrcShred, which was then used to spread two different wipers targeting Linux and Solaris systems - AwfulShred and SoloShred - and render the machines inoperable.
News URL
https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html