Hackers Linked To Russian Intelligence Blamed For 2022 Ukraine Grid Disruption

By Mike Eckel, alumnus of The Fletcher School and Senior News Correspondent

Hackers affiliated with Russia’s military intelligence agency penetrated and disrupted parts of Ukraine’s electricity grid late last year using sophisticated new hacking tools, a new report said.

The findings, by the U.S. cybersecurity firm Mandiant, add further evidence about the tools used by, as well as the sophistication of, the agency known as the GRU in targeting not only Ukraine, but other places around the globe as well.

“This attack represents the latest evolution in Russia’s cyber physical attack capability, which has been increasingly visible since Russia’s invasion of Ukraine,” the Mandiant report said.

A GRU entity known as Unit 74455 has been blamed for some of the most damaging cyberattacks across the world over the past decade. Known widely by the nickname “Sandworm,” the unit gained notoriety when it penetrated Ukraine’s electricity grid in 2015, cutting off power to more than 200,000 people.

In 2020, U.S. prosecutors announced an indictment against six officers from Unit 74455 for a series of hacks that targeted French presidential elections, the 2018 Pyeongchang Olympics, and the international organization investigating Russia’s use of a deadly nerve agent.

GRU officers were also indicted by the United States in the hack of U.S. political parties in the run-up to the 2016 presidential election.

In October 2022, Russia launched a wave of missile and drone strikes on Ukraine’s power grid, causing blackouts in many parts of the country. Kyiv scrambled to contain the damage and was forced to temporarily leave four regions without electricity.

At the same time, Mandiant said, the Sandworm hackers were able to cut power in one unidentified region of Ukraine by tripping circuit breakers at an electrical substation. The group then used software to wipe some of the linked computer servers in an effort to cover their tracks.

“Beyond Ukraine, the group continues to sustain espionage operations that are global in scope and illustrative of the Russian military’s far-reaching ambitions and interests in other regions,” Mandiant said.

Russia’s intelligence and security agencies have overlapping, sometimes competing cyberoperations. Aside from the GRU, the Foreign Intelligence Service has been accused in the hacking of U.S. political campaigns in 2016.

Russia’s main domestic security agency, the Federal Security Service, has two known cyber-units. The first, Center 18, or the Center for Information Security, was roiled by a major treason scandal in 2019.

The other is Center 16, formally known as the Center for Radio-Electronic Intelligence by Means of Communication, or Military Unit 71330, which oversees the FSB’s signals intelligence capabilities, including intercepting communications, decryption, and data processing.

Center 16 was behind a unique bit of malicious code that lurked on computers servers in the West for decades, conducting secret surveillance of users. Authorities in five countries announced in May that they had successfully unplugged that malware, known as Snake, or Uroburos, or Venomous Bear.

Russian nongovernmental organizations have also been implicated in hacking efforts. In 2018, the U.S. Justice Department indicted the Internet Research Agency — a so-called “troll factory” controlled by the late Yevgeny Prigozhin, then a close confidant of President Vladimir Putin –which specialized in creating fake social media accounts and spreading disinformation and propaganda.

The department also indicted Prigozhin himself and 15 other Russian individuals for alleged fraud “for the purpose of interfering with the U.S. political and electoral processes, including the presidential election of 2016.”

(This post is republished from RFERL.)

Leave a Reply