An attack on the power grid in Ukraine was stopped by officials and analysts. According to The Record, a hacking group called Sandworm has ties to the Russian government, and that's why the firm says the attack was likely carried out by the group.
According to CERT-UA, the group planned to shut down computers that controlled the infrastructure of the power company. On April 8th, the hackers intended to cut off power and wipe the computers that would be used to try to get the grid back online.
The attack involved malware that hasn’t been seen in the wild for years
The recently discovered CaddyWiper is one of the pieces of software involved in the attempted attack. There is also a new piece of software called Industroyer2. According to a security firm, the original Industroyer was used in a successful 2016 cyberattack that cut off power in parts of Kyiv. It isn't widely used by hackers and it's written for very specific uses.
The hackers first breached the company's systems before March. The analysis shows that one of the main pieces of software was built more than two weeks before the attack was supposed to take place.
It's not clear how the hackers got into the company's network or how they gained access to the network that controls industrial equipment. The analysis shows that the hackers were going to cover their tracks after the attack.
Since the Russian invasion began, Ukraine and its infrastructure have been targeted by hackers. The country's response to this incident shows that it is capable of warding off complex attacks, even if this isn't the last attack on its power grid.