Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes

November 10, 2023 at 07:51AM

The Russian hacking group Sandworm targeted a Ukrainian electrical substation, causing a brief power outage in October 2022. The attack combined OT-level living-off-the-land techniques with a new variant of the CaddyWiper malware. The exact initial access vector remains unclear, but the incident highlights Sandworm’s ongoing efforts to disrupt Ukraine’s power grid. Asset owners globally are advised to mitigate Sandworm’s tactics against both IT and OT systems.

Key Takeaways from Meeting Notes:

1. The notorious Russian hacking group known as Sandworm targeted an electrical substation in Ukraine in October 2022.
2. Sandworm used a “multi-event cyber attack” that impacted industrial control systems (ICS) by tripping substation circuit breakers and deploying a new variant of CaddyWiper malware.
3. The location of the targeted energy facility, duration of the blackout, and the number of impacted people were not disclosed.
4. Sandworm has been consistently targeting and compromising Ukraine’s power grid since at least 2015.
5. The initial access vector for the attack is unclear, but the use of OT-level living-off-the-land (LotL) techniques reduced the time and resources required to carry it out.
6. Sandworm gained access to the operational technology (OT) environment through a hypervisor hosting a supervisory control and data acquisition (SCADA) management instance.
7. The malware capable of switching off substations was launched using an optical disc (ISO) image file, causing an unscheduled power outage.
8. Sandworm also deployed a new variant of CaddyWiper in the victim’s IT environment, potentially to remove forensic artifacts.
9. Sandworm’s attack poses an immediate threat to Ukrainian critical infrastructure that relies on the MicroSCADA supervisory control system.
10. Asset owners globally should take action to mitigate Sandworm’s tactics, techniques, and procedures against IT and OT systems.
