Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Ukrainian Energy Sector Under Cyber Siege by Russian Hackers

Key Ukrainian Cyber Authority Warns of Spike in Cyberattacks on Energy Facilities
Ukrainian cyber defenders warn that Russian state hackers are targeting energy facilities. Pictured: a destroyed Ukrainian transformer shelled by Russian forces. (Image: Shutterstock)

Ukrainian cyber defenders issued an urgent warning that the nation's energy sector is under severe threat from a wave of cyberattacks by Russian hackers amid growing fears of a large-scale offensive later this spring.

Sandworm, the cyberwarfare unit of Russia's military intelligence service known as "one of the widest and high severity cyber threats globally," began targeting an estimated 20 enterprises across Ukraine's energy, water and heating industries in March, according to Ukraine's Computer Emergency Response Team.

Kyiv's primary incident response team said the Russian threat actor successfully compromised at least three supply chains across the country since then through a backdoor dubbed "Kapeka." The vulnerability, which was first discovered in 2022, allowed hackers to deploy malware known for attacks against water supply facilities, the report said (see: Likely Sandworm Hackers Using Novel Backdoor Kapeka).

The April warning comes as Ukrainian President Volodymyr Zelenskyy said his country is preparing for a major Russian offensive that could begin as soon as May. Russia has targeted Ukraine's energy sector and power grid with cyber and physical attacks since its 2022 initiation of a war of conquest against its European neighbor. The attacks include a failed attempt to delete the entirety of the data belonging to numerous substations across Ukraine's energy infrastructure in April of that year.

The Kremlin has also launched a wave of drone attacks targeting energy infrastructure across the country.

Russia's preeminent cyber sabotage unit has quickly become notorious for its advanced hacking capabilities and targeting of critical infrastructure sectors in Ukraine and across the globe (see: The Global Menace of the Russian Sandworm Hacking Team). A recent Mandiant report called Sandworm a "flexible instrument of power capable of servicing Russia's wide ranging national interests and ambitions, including efforts to undermine democratic processes globally."

A separate report published in April by Ukraine's Computer Emergency Response Team also warned that Sandworm was using popular messaging channels among Ukrainian soldiers to gain a tactical advantage on the battlefield (see: Report: Russian Hackers Targeting Ukrainian Soldiers on Apps).

About the Author

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.
