Ukraine blocks VPNFilter attack against core country water system

Russia has been blamed for the cyberattack.

Ukraine's SBU blames Russia for attempt to compromise water filtration systems

Ukraine's Secret Service (SBU) has blamed Russia for a recent attempt to compromise critical water filtration systems in the country.

On Thursday, the SBU alleged in a statement that Russian intelligence services are behind an attempted cyberattack against the network equipment of Aul Chlorotransfer Station, an entity based in the Dnipropetrovsk province which provides chlorination and filtering of clean water supplies.

"Intelligence services specialists in the field of cybersecurity established that, over the course of several minutes, the company's technological process control systems and the systems for detecting signs of emergencies were being attacked by the VPNFilter computer virus from Russia," the report states [translated].

According to the SBU, VPNFilter malware was deployed in an attempt to disrupt this critical element of Ukraine's infrastructure.

VPNFilter was uncovered in May when Cisco Talos researchers discovered 500,000 networking devices -- mainly consumer-grade internet routers -- across 54 countries which had been infected with the malware.

The malicious code is able to exfiltrate credentials, monitor equipment, and can also render an infected device completely inoperable.

Talos believes VPNFilter is state-sponsored due to the sophistication of the malware.

Cisco Talos

VPNFilter has previously been linked to Russia. In May, the FBI warned router users that they should reboot their routers following the Talos report.

See also: IBM: A data breach will now cost your organization $3.86 million, if you're lucky

It is believed that Sofacy, also known as Fancy Bear and APT28, a Russian state-sponsored group, is behind the creation of the malware.

The malicious code's destructive capabilities are of particular concern, should critical infrastructure equipment become infected.

TechRepublic: Report: 52% of companies sacrifice security to expedite projects

The agency said that the "aggressor country" intended to use VPNFilter to bring down the chlorination station, destroying the supply of liquid chlorine for the country's water supply and sewer systems.

The SBU says that "continuation of the cyberattack could have led to a breakdown of technological processes and possible crash."

However, the attack was foiled by localizing the malware and destroying it before the virus spread through the system's network, which prevented "possible catastrophic consequences," according to the SBU.

No further technical details were revealed.

If the attack had been successful, the consequences would have been serious for Ukraine. According to local news outlets, the chlorine distillation station is the only one active in the country.

In 2015, Ukraine suffered a series of power cuts after the country's energy grid was compromised due to cyberattacks.

It is believed that Russia may have been behind the attacks due to the use of the BlackEnergy Trojan, which is similar in design to VPNFilter.

CNET: Apple's USB Restricted Mode can be fooled, security researchers say

Previous and related coverage

Show Comments