Russian hackers infiltrate Ukrainian energy sector with cyber attacks

TLDR:

• Russian hackers are targeting Ukrainian energy facilities.
• The cyberwarfare unit of Russia’s military intelligence service is responsible.

Russian state hackers have been conducting cyberattacks on Ukraine’s energy sector, including energy, water, and heating facilities, posing a significant threat to the country’s critical infrastructure. The attacks, carried out by the cyberwarfare unit of Russia’s military intelligence service known as Sandworm, have targeted up to 20 enterprises in Ukraine. One of the main vulnerabilities exploited by the hackers is a backdoor called “Kapeka,” which was first discovered in 2022. This vulnerability allowed the hackers to successfully infiltrate the supply chains of the critical energy infrastructure in the country.

The warning comes as Ukrainian President Volodymyr Zelenskyy has raised concerns about a potential large-scale Russian offensive set to commence in May. The ongoing cyberattacks are part of Russia’s broader strategy to undermine Ukraine’s energy sector and power grid. Russian hackers have launched physical and cyber attacks on Ukraine since 2022 as part of their military aggression towards the country. These attacks have included attempts to delete data from substations and drone attacks on energy infrastructure.

The Sandworm cyber sabotage unit is known for its sophisticated hacking capabilities and targeting critical infrastructure sectors globally. A recent Mandiant report described Sandworm as a versatile tool used by the Russian government to fulfill its strategic objectives, including undermining democratic processes worldwide. Ukrainian cyber defenders have also reported that Sandworm is leveraging popular messaging apps among Ukrainian soldiers to gain a tactical edge on the battlefield.

In conclusion, the cyber siege on Ukraine’s energy sector by Russian hackers is a serious threat to the country’s critical infrastructure. The attacks highlight ongoing tensions between the two nations and reinforce the importance of enhancing cybersecurity measures to protect vital systems and services.