How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter
5 months ago

Wired  

As Russia has tested every form of attack on Ukraine's civilians over the past decade, both digital and physical, it's often used winter as one of its weapons—launching cyberattacks on electric utilities to trigger December blackouts and ruthlessly bombing heating infrastructure. Now it appears Russia-based hackers last January tried yet another approach to leave Ukrainians in the cold: a specimen of malicious software that, for the first time, allowed hackers to reach directly into a Ukrainian heating utility, switching off heat and hot water to hundreds of buildings in the midst of a winter freeze.

Industrial cybersecurity firm Dragos on Tuesday revealed a newly discovered sample of Russia-linked malware that it believes was used in a cyberattack in late January to target a heating utility in Lviv, Ukraine, disabling service to 600 buildings for around 48 hours. Dragos' report on the malware notes that the attack occurred at a moment when Lviv was experiencing its typical January freeze, close to the coldest time of the year in the region, and that “the civilian population had to endure sub-zero temperatures.” As Dragos analyst Kyle O'Meara puts it more bluntly: “It's a shitty thing for someone to turn off your heat in the middle of winter.”

The malware, which Dragos is calling FrostyGoop, represents one of fewer than 10 specimens of code ever discovered in the wild that are designed to interact directly with industrial control-system software with the aim of having physical effects. Working with Ukraine's Cyber Security Situation Center, a part of the country's SBU cybersecurity and intelligence agency, Dragos says it then learned that the malware had been used in the cyberattack that targeted a heating utility starting on January 22 in Lviv, the largest city in western Ukraine.

History of this topic

Russian hackers were inside Ukraine telecoms giant Kyivstar's system for months: Cyber spy chief
11 months, 2 weeks ago
GCHQ chief says Putin launched cyber-attack on Ukraine the month before invasion
2 years, 4 months ago
Ukraine says potent Russian hack against power grid thwarted
2 years, 8 months ago
Ukraine issues alert amid rising cyberattacks by Russia
2 years, 9 months ago
Ukraine hit by more cyberattacks, destructive malware
2 years, 10 months ago
