Ukrainian DTEK energy company attacked by Russian hackers
According to CNN’s Sean Lyngaas, Ukraine’s private energy company DTEK Group said on Friday (July 1) that Russian hackers carried out a “cyberattack” on the country’s largest private energy group in retaliation for its owner’s stance against Russia’s war in Ukraine. According to reports, Ukraine has been repeatedly hit by Russian cyberattacks. It has done its best to protect its data, but there is still no way to avoid being attacked.
DTEK Group, which owns coal and thermal power plants across Ukraine, said the hackers aimed to “disrupt the technical processes of its distribution and generation companies”, spread propaganda about the company’s operations and leave Ukrainian consumers without electricity.
The actual impact of the hack and which computer systems were compromised are unclear. There have been no reports of power outages resulting from the incident. DTEK did not respond to a request for comment.
The hack came days after Rinat Akhmetov, Ukraine’s richest man and owner of DTEK, filed a lawsuit against Russia at the European Court of Human Rights for allegedly causing billions of dollars in damage to Akhmetov’s property.
A Russian-speaking hacking group called XakNet claimed to have hacked into DTEK’s network this week, posting screenshots of purported DTEK data on the Telegram app as evidence. The hacking group surfaced in March and has claimed to target Ukrainian officials in support of the Russian war, according to U.S. and allied governments.
XakNet has obtained data belonging to a group that may have been hacked by a Russian cyberespionage group, suggesting a possible link between XakNet and the Russian government, said Alden Wahlstrom, a senior analyst at U.S. cybersecurity firm Mandiant, which investigated some of XakNet’s activity.
Mandiant believes that XakNet and a similar group called Killnet directly coordinated some of their activities, although it is unclear whether Killnet is supported by Russian authorities. Hacktivists are often motivated by political or social reasons rather than financial or personal gain.
XakNet mocked and denied claims of cooperation with the Russian government on its Telegram channel.
XakNet threatened to target Ukrainian groups in response to attacks on Russia. The United States and its intelligence allies recently said that XakNet and other groups pose a cyber threat to critical infrastructure “in response to unprecedented economic sanctions imposed on Russia and material support from the United States and its allies and partners.”
CNN has asked the Russian embassy in Washington for comment.
According to DTEK, which says on its website that it employs 56,000 people, the hack coincided with the Russian shelling this week of a DTEK-owned thermal power plant in Kryvyi Rih, central Ukraine.
In an April report, Microsoft noted that Russian hacking was sometimes used in conjunction with kinetic military strikes. A Ukrainian broadcaster was hit by a cyber attack on March 1, the same day that Russian missiles hit a TV tower in Kyiv, the report said.
Ukrainian energy suppliers have been targeted by Russian hacking teams since Russia annexed Crimea in 2014. The U.S. Justice Department has accused Russian military intelligence of launching cyberattacks on power companies in 2015 and 2016 that knocked out power in parts of Ukraine.
The same Russian hacking group allegedly targeted electrical equipment in a region of Ukraine serving 2 million people in April, but Ukrainian officials claim the hack was thwarted.
“The company made every effort to ensure the stable operation of the Ukrainian energy system during the war and to ensure an uninterrupted supply of electricity to Ukrainian consumers,” DTEK said in a statement on Friday.
The statement noted that the Russian Federation carried out a cyberattack on the IT infrastructure of the DTEK Group.
Attackers aim to disrupt the technical processes of power generation and distribution companies and undermine Ukraine’s energy security, as well as to spread knowingly false information about the company’s work through state propaganda agencies, thereby leaving Ukrainian consumers without electricity.
At the same time that Kryvorizka was hit by a terrorist missile, the company recorded another attempt to attack the company’s digital infrastructure.
This is not the first large-scale attempt by hostile cybercriminals to interfere in the work of Ukraine’s energy system. In 2016, similar attacks destabilized energy systems and some energy distribution companies.
In March of this year, we recorded a massive outbreak of enemy cyber activity while we were actively working on the Stop Bloody Energy project. This initiative has been actively supported by society and the global online community. As a result of Stop Bloody Energy, many big investors have withdrawn from the energy industry projects of the aggressor countries.
The special activity of the enemy in the attack on DTEK facilities can be explained by the firm and active stance of the company shareholder Rinat Akhmetov on Russia’s brutal war against Ukraine, massive aid to the Ukrainian army and support for the Ukrainians.
DTEK works with Ukrainian authorities and international partners to investigate the conduct of hostile cybercriminals, using its findings and experience to help strengthen the country’s IT security.
The company made every effort to ensure the stable operation of the Ukrainian energy system during the war and to guarantee an uninterrupted supply of electricity to Ukrainian consumers.
In the cyberattack on the Ukrainian energy sector, as well as the attack on a Ukrainian nuclear power plant mentioned in a recent Microsoft report, Russia allegedly used a coordinated physical and cyber attack, both online and offline. But Microsoft’s report did not disclose evidence. Therefore, this claim has also been widely questioned by cybersecurity researchers.
It is reported that DTEK is a Ukrainian energy giant, involved in coal, oil, renewable energy and other fields. About a quarter of the country’s power stations are operated by this company.
The Ukrainian grid was originally connected to the Russian and Belarusian grids. Earlier in February 2022, before the start of the Russian-Ukrainian war, Ukraine cut off the connection with the power grids of the two countries and conducted independent power supply tests. Later, it hopes to connect its own power grid to a European power supply network.
On February 26, the beginning of the military operation, it was reported that the CEO of the Ukrainian company DTEK said that Russia was not currently targeting critical infrastructure.
Cyber attacks cannot be stopped in a single day. Long-term commitment to data security is necessary to avoid harm from cyberattacks. For successful data security, long-term data backup is required. Traditional data backup methods are becoming increasingly inadequate for business objectives as modern companies and the volume of company data expand. As a result, many firms choose virtual machine backup, such as VMware Backup or Hyper-V Backup.