An American cyber intelligence company says it has linked a cyberattack that took down electricity in Ukraine to a Moscow-based hacker group known as Sandworm, Reuters reported. The cyberattack is the first ever linked to a power outage, an event experts predicted would be the next major escalation in the cybersecurity field.
“We believe that Sandworm was responsible,” John Hultquist, iSight’s director of espionage analysis, said late Thursday in an interview with Reuters. “It is a Russian actor operating with alignment to the interest of the state. Whether or not it’s freelance, we don’t know.”
Hultquist said iSight examined software used in the attack and received intelligence information from “sensitive sources.” Other security firms have also been investigating the attack and linked it to Russia, but iSight is the first group to directly link the attack to the Sandworm hacker group.
The hacker group has been rumored to have ties to Russian government security services. Sandworm has been linked to past cyberattakcs on NATO and the EU as well as additional targets in Ukraine. The Kremlin has not commented on the cyberattack in Ukraine.
Ukrainian security officials blamed the Dec. 23 outage in western Ukraine on Russia. Approximately 80,000 people were without power for six hours. Experts who spoke with International Business Times said the cyberattack in Ukraine could be a retaliation for power outages that have affected the Russian-annexed peninsula of Crimea over the past two months after Ukrainian activists blew up pylons. Relations between Russia and Ukraine are at an all-time low following the annexation of Crimea in March 2014 and the ensuing war in Eastern Ukraine that has pitted government troops against Russian-backed separatists and left more than 9,000 people dead.
The cyberattack on civilian infrastructure outside of a conflict area has raised questions over infrastructure security. An American group, the Electricity Information Sharing and Analysis Center, said members must “do a better job” in defending against potential cyberattacks, but said there was no evidence to suggest the attack in Ukraine would affect America’s electricity grid.