Ukrainian law enforcement personnel thwarted a digital attack that targeted equipment owned and operated by a chlorine station.

According to Interfax, the Security Service of Ukraine (SUB) detected an attempt to attack the LLC Aulska chlorine station. Located in the village of Auly in the Dnipropetrovsk region, the station functions as critical infrastructure in providing chlorine for the treatment of water and sewage across the country.

Agents with the government security agency determined that the attack had originated from Russian special forces. Those attackers’ purpose, reported Interfax, was to undermine the stability of the station’s operations using VPNFilter.

Similar to Mirai, VPNFilter is a type of botnet that targets Internet of Things (IoT) devices like routers and network storage access (NAS) devices. Security researchers spent months investigating the threat in 2018 and determined that it likely operates under the control of a sophisticated threat actor that goes by the names APT28, Pawn Storm, Sandworm, Fancy Bear and Sofacy. They also discovered that VPNFilter had infected half a million IoT products in what Ukrainian officials believe were Russia’s preparations for a digital attack.

It didn’t take long for SUB to figure out what had happened at the LLC Aulska chlorine station. As quoted from a post on SUB’s Facebook page:

Specialists of the cyber security service established minutes after [the incident] that the enterprise’s process control system and system for detecting signs of emergencies had deliberately been infected by the VPNFilter computer virus originating from Russia. The continuation of the cyber attack could have led to a breakdown in technological processes and a possible accident.

As of this writing, the exact details of the attackers’ infiltration into the chlorine station are unclear.

This attempted attack demonstrates how critical infrastructure organizations need to protect their (Read more...)