Ukraine says Russian cyberattack sought to shut down energy grid

Russian military hackers tried and failed to attack Ukraine’s energy infrastructure last week, the country’s government and a major cybersecurity company said Tuesday.

The attack was designed to infiltrate computers connected to multiple substations, then delete all files, which would shut that infrastructure down, according to Ukraine’s summary of the incident.

ESET, a Slovakia-based cybersecurity company working to help secure Ukrainian infrastructure, said in a summary of the attack that it was conducted by the same arm of Russia’s military intelligence agency, GRU, that had previously successfully executed similar attacks in 2014 and 2015. In both of those incidents, some residents of Kyiv temporarily lost power. This attack had been planned for at least two weeks, ESET said.

Since Russia began its invasion in February, Ukraine hasn’t been hit by any attacks as visibly destructive as those previous hacks of Kyiv energy companies. But Ukraine has faced multiple so-called “wiper” attacks, including ones that have targeted computers in Ukraine’s government, financial institutions and internet service providers. Those attacks also look to mass-delete files from hacked computers.

Viktor Zhora, a top Ukrainian cybersecurity official, said in a press conference held over the video conferencing platform Zoom that the malware did successfully infiltrate some computers in Ukraine’s energy sector and caused disruptions at one facility. But that was quickly remedied and no customers lost power, he said.

The effective defense came from a combined team of information technology staff, Ukrainian intelligence, ESET and Microsoft, which is also helping defend Ukraine from hackers, Zhora said.

Zhora declined to name the electrical company or the region where it operates, but said the company provides electricity for an area where millions of people live.

Ciaran Martin, the former head of the U.K.’s National Cyber Security Centre, said the attack was in line with previous Russian hacking attempts.

“This is the sort of operation Russia carried out on more than one occasion between the annexation of Crimea in 2014 and the full invasion this year,” Martin said in a text message. “It’s just a more rushed version and, it seems, an entirely unsuccessful one thanks in part to excellent cyber defense work.”