Poland’s electric grid was recently targeted by wiper malware, linked to Russian state hackers, in an unsuccessful attempt to disrupt electricity delivery operations.
Incident Overview
A cyberattack occurred during the last week of December, aiming to disrupt communications between renewable energy installations and power distribution operators. Despite the malicious intent, the attempt failed for reasons that remain unexplained.
Details of the Malware
According to security firm ESET, the malware used in the attack is classified as a wiper: malware designed to permanently erase the code and data stored on the servers it reaches, with the goal of destroying operational capability outright rather than stealing information. ESET's analysis of the malware indicates that it is likely the work of a Russian government hacker group known as Sandworm.
Attribution to Sandworm APT
Researchers at ESET stated, “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed.” Importantly, they noted that no successful disruptions resulted from this attack.
Historical Context
Sandworm has a notorious history of destructive cyber actions conducted on behalf of the Kremlin, targeting various adversaries. One of the most significant incidents attributed to this group was a cyberattack in Ukraine in December 2015, which resulted in an estimated 230,000 people being left without electricity for around six hours during harsh winter conditions. In that case, hackers utilized general-purpose malware known as BlackEnergy to gain access to power companies’ supervisory control and data acquisition systems, from which they executed legitimate functionalities to halt electricity distribution.