Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled.
At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, Ukrainian government officials said on Tuesday.
“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”
The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, customised to target multiple substations, officials said.
They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.
Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”
Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.
He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2.
The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.
Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it.
He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers. The helpers include keyboard warriors from US Cyber Command.
Cybercom was asked if it assisted in the emergency response but did not immediately answer.
The Computer Emergency Response Team of Ukraine thanked Microsoft and the cybersecurity firm ESET for their assistance in dealing with the power grid attack in a bulletin posted online.
Officials said the destructive attacks had been planned at least since March 23, and Zhora speculated they were timed by Russia to “invigorate” its soldiers after they took heavy losses in a failed bid to capture Kyiv, the capital.
Zhora stressed that Russian cyber attacks have not successfully knocked out any power to Ukrainians since this invasion began.