Menu
Russian group suspected to be linked to Ukraine power station cyberattack

Russian group suspected to be linked to Ukraine power station cyberattack

iSight Partners says the Sandworm team is likely involved

A cyberattack that knocked out power in the Ukraine last month is believed to have been initiated by a hacking group with strong Russian interests.

iSight Partners, a cybersecurity firm headquartered in Dallas, wrote on Thursday that a group called Sandworm was likely involved.

The link was made after a study of a malware sample called KillDisk and a related one used by Sandworm in the past called BlackEnergy 3, wrote John Hultquist, director of cyberespionage analysis at iSight Partners.

Another security company, Eset, wrote in a post last week that samples of BlackEnergy have carried the KillDisk component, which overwrites or deletes files.

Ukraine's CERT wrote in November that media in the country had been targeted by BlackEnergy around the time local elections were held.

iSight Partners first described Sandworm in October 2014, and since then several other security vendors have written about its activities.

The group has targeted NATO, western and Ukrainian government organizations and energy companies, according to an iSight document published by the Washington Post.

The latest attack, which occurred on Dec. 23 at a facility run by the service provider Prykarpattyaoblenergo, cut power to 80,000 customers for six hours, according to Reuters, which cited a report from a U.S. energy industry security group.

The attack has raised widespread concern as security experts have warned for years of the vulnerability of industrial control systems used by the energy industry.

"A cyberattack of this nature is a milestone – although a predictable one," Hultquist wrote. "The aggressive nature of Sandworm team’s previous activity in Europe and the United States exposed their interest in targeting critical systems and indicated preparation for cyber attack."

Tension have remained high between the Ukraine and Russia since the latter forcibly annexed Crimea in 2014.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments