Ukraine stops cyber attacks on energy facilities with the help of ESET and Microsoft, confirming variants of malware 'Industroyer'

Ukrainian authorities have announced that they have worked with security firm ESET and Microsoft researchers to prevent cyber attacks on energy facilities. In this attack, a variant of the malware 'Industroyer' that once caused a large blackout in Ukraine was discovered.

@_CERT_UA under the @dsszzi reported a #Sandworm (UAC-0082) #cyberattack on Ukraine's energy infrastructure suing # Industroyer2 and #CaddyWiper malware.
The attackers attempted to take down several infrastructure components of their target, namely: (1/5) #cyberwar #WARINUKRAINE

— SSSCIP Ukraine (@dsszzi) April 12, 2022

CERT-UA --Кібератака групи Sandworm (UAC-0082) на об'єкти енергетики України з використанням шкідливих IN програ
https://cert.gov.ua/article/39518

Industroyer2: Industroyer reloaded | WeLiveSecurity
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

Researchers find new malware variant after stopping attack on Ukrainian energy provider --The Record by Recorded Future
https://therecord.media/researchers-find-new-malware-variant-after-stopping-attack-on-ukrainian-energy-provider/

According to the Ukrainian Computer Emergency Response Team (CERT-UA), the attack targeted multiple infrastructures, including computers in high-voltage substations and energy-related facilities, network equipment, and server equipment running on Linux OS, and was the first attack. Was done by February 2022 at the latest. It seems that the substation disconnection attack scheduled for April 8, 2022 was prevented.

According to ESET, it is unknown how the attacker compromised the first victim and was able to move from the IT network to the industrial control system network. CERT-UA explains, 'By creating a chain of SSH tunnels, we traversed between different network segments.'

In this attack, a variant 'Industroyer 2' of the malware 'Industroyer' that caused a large-scale power outage in Ukraine in 2016 was found.

The use of the wiper malware 'Caddy Wiper' has been confirmed multiple times before and after Russia's invasion of Ukraine, and ESET follows the use of Industroyer 2 following a multi-wave wiper attack targeting various sectors of Ukraine. It shows the recognition that.