
Poland’s electric grid was targeted by wiper malware, likely deployed by Russian state hackers, in an attempt to disrupt power distribution operations, researchers said Friday.
According to a Reuters report, the cyberattack occurred in the last week of December. The news organization said it was intended to disrupt communications between renewable installations and electricity distribution operators, but failed for obvious reasons.
Wipers R Us
On Friday, security firm ESET said the malware responsible was a wiper, a type of malware that permanently erases code and data stored on a server with the goal of completely destroying operations. After studying the tactics, techniques and procedures (TTPs) used in the attack, company researchers said the wiper was likely the work of a Russian government hacker group it tracks under the name Sandworm.
“Based on our analysis of the malware and related TTPs, we attribute the attack to the Russia-aligned Sandworm APT with moderate confidence due to a strong overlap with several previous Sandworm wiper activities we analyzed,” ESET researchers said. “We are not aware of any successful disruptions occurring as a result of this attack.”
Sandworm has a long history of devastating attacks targeting the Kremlin’s opponents. The most notable incident occurred in December 2015 in Ukraine. It left about 230,000 people without power for about six hours during one of the coldest months of the year. Hackers used general-purpose malware called BlackEnergy to penetrate the supervisory control and data acquisition systems of power companies and, from there, activate legitimate functionality to disrupt power distribution. This incident was the first known malware-facilitated blackout.