A group of Russian hackers, known as Sandworm, did something pretty bad in Ukraine last year. They targeted an electrical station, which is a place that helps provide electricity to people, and they caused the power to go out briefly in October 2022.
Google’s Mandiant found out about this cyberattack. They called it a “multi-event cyber attack,” which means it had a lot of different parts. The hackers used a new and smart way to mess with the systems that control the electricity.
First, they did something called “living off the land.” This means that instead of bringing their own malicious software, they relied on tools and features already present in the station’s systems. They used this approach to mess with the electrical station’s circuit breakers, which are like switches that control the power. By doing this, they caused the power to go out when there were missile strikes happening in Ukraine. This made things even worse.
Then, Sandworm did another thing. They used a new kind of malware, which is like a computer virus, in the computer systems of the electrical station.
We don’t know exactly where this happened, how long the power was out, or how many people were affected. But this is not the first time Sandworm has attacked Ukraine’s power grid. They’ve been doing this kind of thing since 2015, using different types of malware.
We’re not sure how they got into the computer systems in the first place, but it seems they used some clever tricks to make it easier for them. The attack probably started in June 2022. They got into the part of the computer system that controls the electrical station through something called a hypervisor, which is software that runs virtual machines.
Then, on October 10, 2022, they used a special file to launch a virus that turned off the substations, which caused the power to go out unexpectedly.
Two days after the power outage, Sandworm used another type of malware called CaddyWiper in the computer systems to make things even worse. This may have been to cover up their tracks and get rid of any evidence that could help investigators.
CaddyWiper is a nasty piece of software that first appeared in March 2022 during the war between Russia and Ukraine.
The worst part is that this attack happened at the same time as a bunch of missile strikes on important things in Ukraine, including the city where this electrical station was.
Mandiant, the company that found out about all of this, says that it’s a big problem for Ukraine’s important systems that control things like electricity. They want people all around the world to be careful because the hackers could use similar tricks to mess with computer systems. So, it’s essential to protect our computer systems against these kinds of attacks.