The Russian government may have tried to shut down Ukraine’s energy grid with a Windows malware strain capable of controlling industrial systems.
On Tuesday, antivirus company ESET announced it had worked with the Ukrainian government to foil the malware attack on an unnamed energy provider in the country.
The malware, dubbed Industroyer2, was found on a computer at the energy provider. It was designed to communicate with industrial equipment, including electrical substations, which convert high-voltage electricity to supply homes and businesses with power.
ESET is still investigating how Industroyer2 works, but found it was programmed to begin executing its malicious processes on April 8 at 6:10 a.m. EST, likely in an attempt to shut down power at the energy provider.
ESET is also attributing the malware to the Russian state-sponsored hacking group Sandworm, which the US government suspects works for the Kremlin’s military intelligence agency, the GRU. Evidence includes how the malware shares similarities with the original Industroyer malware, which managed to disrupt Ukraine’s energy grid in 2016. “We assess with high confidence that the new variant was built using the same source code,” ESET said.
It remains unclear how the new strain, Industroyer2, is spread. But Ukrainian authorities say the energy provider suffered an initial compromise no later than February, the same month Russia invaded Ukraine. The Industroyer2 malware sample found in the energy provider’s network was also compiled on March 23, which suggests the hackers planned the attack two weeks prior.
ESET also discovered various other malware strains inside the energy provider’s network. This included the presence of CaddyWiper, a separate
Read more on pcmag.com