Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility

Ukraine’s Computer Emergency Response Team (CERT-UA) issued an alert on September 5, 2023, about a cyber-attack attempted by Russian threat actor APT28 against a Ukrainian critical power infrastructure facility.

The attackers planned to send bulk emails from a fake address containing a link to a ZIP archive; opening the archive could have granted them access to the organization’s systems and data.

They used legitimate services such as Mockbin and standard software functions to carry out the attack.

The attack was prevented by Ukraine’s cybersecurity services.

According to Joe Slowik, a threat intelligence manager at Huntress, while concerning, the attempt looks more like the threat actor was enabling actions for future operations rather than aiming at direct disruption.

“This would align with APT28, as opposed to [its Russian counterpart] Sandworm,” Slowik added on X (formerly known as Twitter).

The APT28 hacking group, also known as Pawn Storm, Fancy Bear and BlueDelta, is allegedly associated with Russian special services, specifically Russia’s GRU Unit 26165.

CERT-UA had already detected attempted APT28 attacks against Ukrainian organizations in April, June and July 2023.

In August, a report from the National Security and Defense Council of Ukraine highlighted intensified cyber espionage activity by the Russian APT group Gamaredon amid Ukraine’s counter-offensive operations.
