How Russian hackers managed to breach Poland's energy grid
What's the story
Poland's Computer Emergency Response Team (CERT) has revealed that suspected Russian government hackers breached parts of the country's energy grid infrastructure. The attack was possible because of poor security measures on the targeted systems. The CERT report details an incident from late last year in which these hackers compromised wind and solar farms. A heat-and-power plant was also targeted, but the attack was stopped there.
Security breach
Hackers exploited basic security flaws
The hackers exploited basic security flaws such as default usernames and passwords and the absence of multi-factor authentication. The CERT report noted that these systems offered little resistance to the attack. The hackers attempted to deploy wiper malware on the compromised systems with the aim of wiping them clean and possibly even disrupting the power supply. Their efforts were thwarted at the heat-and-power plant but not at the wind and solar farms, where the malware rendered grid control systems inoperable.
Destructive intent
CERT compares attacks to physical-world arson
The CERT report described the attacks as "purely destructive in nature," comparing them to deliberate acts of arson in the physical world. Despite their destructive intent, the hackers failed to disrupt power at any of their targeted facilities. Even if they had succeeded, the report clarified that the hack "would not have affected the stability of the Polish power system during the period in question."
Hacking groups
Sandworm or Berserk Bear behind attacks?
Cybersecurity companies ESET and Dragos had earlier blamed Sandworm, a notorious Russian government hacking group with a history of targeting energy infrastructure in Ukraine, for the December 29 attacks. However, Poland's CERT has pointed the finger at another Russian government hacking group called Berserk Bear or Dragonfly. This group is known not for destructive attacks but for more traditional cyberespionage activities.