Monday’s advisory alluded to two cyberattacks the Russian government carried out — first in 2015 and then almost exactly one year later — that deliberately left Ukrainians without power during one of the coldest months of the year. The attacks were seen as a proof-of-concept and a testing ground of sorts for disrupting Ukraine’s power supply. “The experience of cyberattacks on Ukraine’s energy systems in 2015 and 2016 will be used when conducting operations,” the Ukrainian government said on Monday.
It’s hard to assess the chances of a successful hacking campaign against Ukraine’s power grids. Earlier this year, Ukraine’s CERT-UA said it successfully detected a new strain of Industroyer inside the network of a regional Ukrainian energy firm. Industroyer2 reportedly was able to temporarily switch off power to nine electrical substations but was stopped before a major blackout could be triggered. […]
But researchers from Mandiant and elsewhere also note that Sandworm, the name for the Kremlin-backed group behind the power grid hacks, is among the most elite hacking groups in the world. They are known for stealth, persistence, and remaining hidden inside targeted organizations for months or even years before surfacing.
Besides an attack on electrical grids, Monday’s advisory also warned of other forms of disruption the country expected Russia to ramp up. “The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic states,” the advisory stated.
“We don’t have any direct knowledge or data to make an assessment on Ukraine’s capability to defend its grid, but we do know that CERT-UA stopped the deployment of INDUSTROYER.V2 malware that targeted Ukraine’s electric substations earlier this year,” Chris Sistrunk, technical manager of Mandiant Industrial Control Systems Consulting, wrote in an email. “Based on that, and what we know about the Ukrainian people’s overall resolve, it’s increasingly clear that one of the reasons cyberattacks in Ukraine have been dampened is because its defenders are very aggressive and very good at confronting Russian actors.”