Wiper malware targeted Poland energy grid, but failed to knock out electricity

WIPE OUT

Poland’s energy grid was targeted by never-before-seen wiper malware

Destructive payload unleashed on 10-year anniversary of Russia’s attack on Ukraine’s grid.

Removing computer data and clearing digital code from a hard drive or memory storage server as a hacking or internet security concept as a 3D illustration. Credit: Getty Images

Researchers on Friday said that Poland’s electric grid was targeted by wiper malware, likely unleashed by Russian state hackers, in an attempt to disrupt electricity delivery operations.

A cyberattack, Reuters reported, occurred during the last week of December. The news organization said it was aimed at disrupting communications between renewable installations and the power distribution operators but failed for reasons not explained.

Wipers R Us

On Friday, security firm ESET said the malware responsible was a wiper, a type of malware that permanently erases code and data stored on servers with the goal of destroying operations completely. After studying the tactics, techniques, and procedures (TTPs) used in the attack, company researchers said the wiper was likely the work of a Russian government hacker group tracked under the name Sandworm.

“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” said ESET researchers. “We’re not aware of any successful disruption occurring as a result of this attack.”

Sandworm has a long history of destructive attacks waged on behalf of the Kremlin and aimed at adversaries. Most notable was one in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year. The hackers used general purpose malware known as BlackEnergy to penetrate power companies’ supervisory control and data acquisition systems and, from there, activate legitimate functionality to stop electricity distribution. The incident was the first known malware-facilitated blackout.

ESET said the attack targeting Poland occurred on the 10th anniversary of that event. The security firm provided few details about the attack other than that the malware used has been dubbed DynoWiper.
