
Researchers said on Friday that Poland's power grid was targeted by wiper malware, likely unleashed by Russian state hackers, in an attempt to disrupt electricity supply operations.
According to Reuters, the cyber attack took place in the last week of December. The news organization said the attack aimed to disrupt communications between renewable facilities and the energy distribution companies, but failed for unexplained reasons.
Windshield Wipers R Us
Security firm ESET said on Friday that the malware responsible was a wiper, a type of malware that permanently erases code and data stored on servers with the aim of completely destroying operations. After reviewing the tactics, techniques and procedures (TTPs) used in the attack, company investigators said the wiper was likely the work of a Russian government hacker group tracked as Sandworm.
“Based on our analysis of the malware and associated TTPs, we attribute the attack with medium confidence to the Russia-linked Sandworm APT due to strong overlap with numerous previous Sandworm wipe activities we analyzed,” ESET researchers said. “We are not aware of any successful disruption as a result of this attack.”
Sandworm has a long history of devastating attacks carried out on behalf of the Kremlin and aimed at its opponents. The most notable was in Ukraine in December 2015, when about 230,000 people were left without electricity for about six hours during one of the coldest months of the year. The hackers used general-purpose malware known as BlackEnergy to penetrate energy companies' supervisory control and data acquisition systems and, from there, activate legitimate functionality to stop electricity distribution. The incident was the first known malware-facilitated blackout.
