Europe's energy grid on alert as Russian cyber threats loom
The chief threat intelligence advisor at Google, Jamie Collier, reported that Sandworm, a group linked to Russian intelligence, is interested in the energy sector across Europe. Previously, these hackers had infiltrated Ukrainian targets to cause infrastructure damage.
22 November 2024 11:33
The upcoming winter could mobilize hackers working on behalf of the Russian Federation. The Sandworm group, in collaboration with the Kremlin's intelligence, has already demonstrated activity in this field multiple times.
In an interview with Politico, Google's chief threat intelligence advisor, Jamie Collier, warned about this team, which includes "most skilled, stealthy" experts. "With the onset of winter, that’s clearly a concern," added Collier.
The Sandworm group is one of the Kremlin's most well-known cyber threats, often operating in secrecy. Western intelligence previously linked the group to a 2015 attack that destroyed Ukraine's power grid. It is also credited with disrupting the Ukrainian power grid in 2023.
According to the UK government, Sandworm is part of the GRU, Russia's military intelligence. The warnings come as European state intelligence services investigate the severance of two key undersea telecommunications cables connecting EU countries.
Russian hackers talented and discreet. Google warns against them
Cases of "hybrid" sabotage, disruptions, and digital attacks have been noted since Russia's aggression against Ukraine in 2022. They most frequently occur in countries on Europe's border with Russia.
Google reported in April this year that Sandworm, also known as APT44 or Seashell Blizzard, "remains a formidable threat to Ukraine". "To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia’s military campaign," Google stated.
The team is associated with destructive attacks. It is known to be dangerous: it gathers information efficiently, is highly qualified, and employs skilled experts. Russia typically combines network breaches with information operations, for example by deploying "wiper" malware to destroy systems or data. Data is also stolen to be passed on to hacking groups.
According to Politico, the lobbying group Eurelectric published a report on Tuesday stating that since 2022, European electricity-related companies have experienced 48 publicly known attacks. Nearly two-thirds of global recorded cyberattacks in 2023 originated from Russia.
European countries do not want to remain helpless against these harmful activities. Cyber Europe, one of the largest cybersecurity initiatives in Europe, conducts resilience tests for the EU energy sector. In June, during a two-day exercise, 30 national cybersecurity incident response teams repelled fictional attacks on energy infrastructure.