https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Critical Infrastructure


Partner content

Russian group Sandworm foiled in attempt to disrupt Ukraine power grid

Russian group Sandworm foiled in attempt to disrupt Ukraine power grid

  • Written by Jai Vijayan / Dark Reading
  • 14th April 2022

Ukraine’s computer emergency response team (CERT-UA), in collaboration with researchers from ESET and Microsoft, last week foiled a cyberattack on an energy company that would have disconnected several high-voltage substations from a section of the country’s electric grid on April 8.

The attack, by Russia’s infamous Sandworm group, involved the use of a new, more customized version of Industroyer, a malware tool that the threat actor first used in Dec. 2016 to cause a temporary power outage in Ukraine’s capital Kyiv. In addition to the ICS-capable malware, the latest attack also featured destructive disk-wiping tools for the energy company’s Windows, Linux, and Solaris operating system environments that were designed to complicate recovery efforts.

The Russian cyber-assault, in the middle of the country’s grinding war in Ukraine, has stirred concern about similar attacks on other energy companies in Ukraine and outside the country as well. It prompted the CERT-UA to distribute indicators of compromise and other attack artifacts to energy companies in Ukraine and to what it described as a “limited number” of international partners.

Andrii Bezverkhyi, CEO of SOC Prime, who is currently in Ukraine as a consultant with CERT-UA, says energy companies everywhere need to view the latest Sandworm cyber operation as a signal of escalation and be on high alert.

“They have capability to strike synchronously across entire [industries or geographies],” Bezverkhyi says. He advises that energy companies everywhere hone up on Sandworm’s tactics, techniques, and procedures so they can better detect and protect against the threat actor.

A Dangerous, Persistent Threat
Sandworm is an advanced persistent threat actor linked to a special technology operations group at the Russian General Staff Main Intelligence Directorate (GRU). The group has been associated with several high-profile and destructive attacks over the years — most notably on Ukraine’s electricity system. In 2015, Sandworm used malware called BlackEnergy in an attack that took down a swathe of Ukraine’s power grid for several hours. In 2016, it used Industroyer to similar effect in Ukraine and then followed up the next year with destructive data-wiping attacks using the NotPetya malware tool. The Sandworm group is also thought to behind denial-of-service attacks in the country of Georgia, as well as a campaign that targeted the 2018 Winter Olympics.

Industroyer, the threat actor’s weapon of choice in the latest attack, is malware specifically made to disrupt equipment associated with electric grids. Previous research by ESET and Dragos have showed the malware to be designed to allow threat actors to gain remote control of switches and circuit breakers in high-voltage substations and to manipulate them in such a way as to trigger disruptions. For example, the version of the malware used in the 2016 Ukraine attack could be used to force circuit breakers to remain open, resulting in the substation becoming de-energized.

The malware also allowed attackers in 2016 to essentially disconnect a substation from the rest of the grid by continuously toggling circuit breakers between “on” and “off” until protective measures kicked in to “island” off the substation — and trigger a blackout on that section of the grid.

One key feature of Industroyer is that it does not exploit any vulnerabilities, nor is it limited to attacking a single vendor’s technology. Rather, the malware — as used in the 2016 attacks — employs different industrial control protocols to communicate directly with systems in industrial control environments.

To read the complete article, visit Dark Reading.

 

Tags: Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Public Safety Security Software State & Local Government System Design System Installation System Operation Tracking, Monitoring & Control Training Partner content

Most Recent


  • AT&T wireless growth keyed by FirstNet—now provides 24,000 agencies with 4.4 million connections
    AT&T this week reported that FirstNet ended 2022 supporting more than 24,000 public-safety agencies with “about” 4.4 million connections, including 377,000 connections that were added during the last three months of 2022—a total that represents more than half of the carrier’s post-paid wireless growth for the quarter. AT&T officials released these figures in conjunction with […]
  • Report: Remote work causing offices to empty, but walkable cities still in high demand
    Given the reliance on vehicular transportation in the United States, some American cities historically haven’t prioritized being walkable in past planning and or design. But amid an unprecedented shift in the economy toward remote work, those that have are increasingly desirable for prospective residents. A new report from Smart Growth American and Places Platform, “Foot Traffic Ahead […]
  • AT&T FirstNet unleashes robotic dogs for emergency services
    AT&T is releasing robotic hounds from Ghost Robotics as part of the service provider’s FirstNet emergency responder service. In a blog, AT&T VP Lance Spencer explained that the robotic dogs will be connected to AT&T’s network and deployed for public safety, defense, federal and state agencies, local police and fire departments, and commercial customers. “Network-connected robotic dogs can deliver a […]
  • Federal agencies infested by cyberattackers via legit remote-management systems
    It has come to light that hackers cleverly utilized two off-the-shelf remote monitoring and management systems (RMMs) to breach multiple Federal Civilian Executive Branch (FCEB) agency networks in the US last summer. On Jan. 25, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Partnership and collaboration must be the foundation for emergency communications
  • CISA alert on ICS, SCADA devices highlights growing enterprise IoT security risks
  • Vodacom’s wearable devices shown to improve miner safety
  • Ericsson expects U.S. fines as digital loss hits $5.6 billion since 2017

Commentary


How 5G is making cities safer, smarter, and more efficient

26th January 2023

3GPP moves Release 18 freeze date to March 2024

18th January 2023

Do smart cities make safer cities?

  • 1
6th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

AT&T wireless growth keyed by FirstNet—now provides 24,000 agencies with 4.4 million connections dlvr.it/ShY5qH

27th January 2023
UrgentComm

Report: Remote work causing offices to empty, but walkable cities still in high demand dlvr.it/ShXM7Z

27th January 2023
UrgentComm

AT&T FirstNet unleashes robotic dogs for emergency services dlvr.it/ShW7p8

27th January 2023
UrgentComm

Federal agencies infested by cyberattackers via legit remote-management systems dlvr.it/ShVhn3

26th January 2023
UrgentComm

How 5G is making cities safer, smarter, and more efficient dlvr.it/ShVS1h

26th January 2023
UrgentComm

MCPTT interworking for critical communications dlvr.it/ShTm3P

26th January 2023
UrgentComm

Self-driving cars present terrorism risk, FBI director says dlvr.it/ShTTHx

26th January 2023
UrgentComm

UK Home Office officially will cut ESN ties with Motorola Solutions in December dlvr.it/ShNjfN

24th January 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.