Russia said to be preparing mass cyberattacks on critical infrastructure facilities in Ukraine

The Ukrainian government said that the Kremlin is planning to carry out massive cyberattacks on critical infrastructure facilities in Ukraine and on critical infrastructure institutions of Ukraine’s allies.

“By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine,” according to a notice posted on Monday by the Defence Intelligence of Ukraine. “The occupying command is convinced that this will slow down the offensive operations of the Ukrainian Defence Forces. The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic states,” it added.

The advisory from the Ukrainian government also said that it expects initial attacks to be aimed at enterprises in the energy sector. “The experience of cyberattacks on Ukraine’s energy systems in 2015 and 2016 will be used when conducting operations,” the notice added.

The advisory comes as three offshore lines of the Nord Stream gas pipeline system on the bed of the Baltic Sea sustained ‘unprecedented’ damage in one day, Nord Stream AG, the network operator, reportedly said on Tuesday.

The bulletin was published after Sweden’s Maritime Authority issued a warning about two leaks in the Nord Stream 1 pipeline, shortly after the discovery of a leak on the nearby Nord Stream 2 pipeline prompted Denmark to restrict shipping within a five-nautical-mile radius.

Nord Stream said it was impossible to estimate when the gas network system’s working capability would be restored.

In a Monday statement, the gas operator said that “the dispatchers of the Nord Stream 1 control center registered a pressure drop on both strings of the gas pipeline. The reasons are being investigated.”

“Russia has shown an intent since their invasion to disrupt the critical infrastructure of Ukraine as part of an effort to hinder their defense – this includes the attacks against the Viasat communications network on the day of the invasion, as well as the deployment of Industroyer2 Wiper malware in April,” Toby Lewis, global head of threat analysis at Darktrace, wrote in an emailed statement. “With effective counter-attacks by Ukrainian defenders pushing Russian troops further back and with increasing political and public unrest over the recent mobilization proclamation, Russia is increasingly looking at the remaining cards it can play, and cyber-attacks have the potential to provide quick wins with no human cost for Russia.” 

Lewis also pointed out that the Ukrainian government has recently been able to get ahead of the attackers to issue a fairly specific warning before an attack has commenced. “This demonstrates the use of intelligence, possibly supported by allied partners across Europe and NATO, to be able to see inside the planning and preparation of cyber operations and potentially provide tangible resilience against future attacks,” he added.

Tom Kellermann, senior vice president of cyber strategy at Contrast Security, wrote in an emailed statement that geopolitical tension has reached a tipping point. “Just hours after the Ukrainian warning about attacks against critical infrastructure, Russia sabotaged the gas pipeline to Europe last night.” 

“Much like we saw a wave of destructive cyberattacks in January, a dramatic escalation is occurring as Russia’s gloves are off,” according to Kellermann. “We should expect a wave of destructive cyberattacks against western critical infrastructure. Cybersecurity teams must test their backups, expand threat hunting for groups like Sandworm, APT 28, Gamaredon, and APT 29, apply micro-segmentation and apply runtime protection across their applications.”

In July, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Ukrainian State Service of Special Communications and Information Protection of Ukraine (SSSCIP) signed a Memorandum of Cooperation (MOC) to strengthen collaboration on shared cybersecurity priorities. The memorandum expands upon CISA’s existing relationship with the Government of Ukraine in information exchanges and sharing best practices on cyber incidents, critical infrastructure security technical exchanges, cybersecurity training, and joint exercises.

Last week, U.S. cybersecurity agencies published a joint cybersecurity advisory covering control system defense for operational technology (OT) and industrial control systems (ICS). The guidance gives critical infrastructure owners and operators an understanding of malicious cyber attackers’ tactics, techniques, and procedures (TTPs). It also noted that asset owners and operators cannot prevent malicious actors from targeting their systems, but they can prioritize mitigation actions.
