The Ukrainian Security Service (SBU) said today it stopped a cyber-attack that used the VPNFilter malware against a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region.
“The continuation of the cyberattack could have led to a breakdown of technological processes and possible crash,” the SBU said today in a press release in which it accused Russia of operating the malware and launching the attack.
The SBU announcement included no other technical details about how the cyber-attack unfolded.
Malware infected plant’s routers
VPNFilter is a modular malware strain that targets a large number of router and NAS models. Its first stage persists across router reboots, and its later-stage modules can monitor and intercept traffic passing through the router, looking for traffic meant for Modbus-based industrial SCADA equipment (Modbus/TCP on port 502). The malware also carries a destructive command that overwrites part of the device's firmware, rendering it unusable rather than merely rebooting it.
In the case reported by the SBU, the malware most likely infected the chlorine distillation station's networking equipment.
The danger lies in the malware's ability to detect a "sensitive" target and alert its operators, who can then use the compromised router as a pivot point into the infected organization's network and launch further attacks.
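What "looking for traffic meant for Modbus-based SCADA equipment" means at the byte level is a parse of the Modbus/TCP MBAP header. The script below is an added example, not code from the article or from the malware: it parses constructed packets the way a sniffer on the router would, and, applied by a defender to a capture taken in front of a PLC, it separates routine polling from register writes, which is the traffic an attacker would need to inject to disrupt a process. The packet tuples, addresses and the `inspect_packets` reporting format are assumptions made for the example.

```python
"""Added example: classify Modbus/TCP traffic crossing a router.

VPNFilter's sniffer watches for Modbus/TCP (port 502). The same parse,
run by a defender over a capture, lists which hosts read and, more
importantly, write PLC registers. All sample packets are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

MODBUS_TCP_PORT = 502

# Public function codes from the Modbus Application Protocol specification.
READ_FUNCS = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCS = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCS

    @property
    def name(self) -> str:
        return (READ_FUNCS.get(self.function_code)
                or WRITE_FUNCS.get(self.function_code)
                or f"Function {self.function_code}")


def parse_modbus_tcp(payload: bytes) -> Optional[ModbusFrame]:
    """Parse one Modbus/TCP ADU (7-byte MBAP header + PDU); None if not Modbus."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if proto != 0:                   # MBAP protocol identifier is always 0
        return None
    if length != len(payload) - 6:   # length field covers unit id + PDU
        return None
    if fc == 0 or fc & 0x80:         # 0 is invalid; high bit marks exception responses
        return None
    return ModbusFrame(tid, unit, fc, payload[8:])


# (source IP, destination TCP port, TCP payload); an assumed capture format.
Packet = Tuple[str, int, bytes]


def inspect_packets(packets: List[Packet]) -> List[dict]:
    """Report every packet aimed at port 502; writes become alerts."""
    findings = []
    for src, dport, payload in packets:
        if dport != MODBUS_TCP_PORT:
            continue
        frame = parse_modbus_tcp(payload)
        if frame is None:
            findings.append({"src": src, "level": "info",
                             "note": "non-Modbus payload on port 502"})
            continue
        findings.append({
            "src": src,
            "level": "alert" if frame.is_write else "info",
            "unit": frame.unit_id,
            "function": frame.name,
            "note": "write to PLC" if frame.is_write else "read from PLC",
        })
    return findings


# Constructed sample traffic, not taken from any real capture.
SAMPLE_PACKETS: List[Packet] = [
    # HMI polls 10 holding registers starting at address 10 on unit 1
    ("10.10.1.20", 502, bytes.fromhex("000100000006" "0103" "000a000a")),
    # A workstation writes 0x00ff into register 0x0010 on unit 1
    ("10.10.1.77", 502, bytes.fromhex("000200000006" "0106" "001000ff")),
    # Same host writes two registers from address 0 (FC16, byte count 4)
    ("10.10.1.77", 502, bytes.fromhex("00030000000b" "0110" "0000000204" "00010002")),
    # Not Modbus at all, but sent to port 502
    ("10.10.1.99", 502, b"GET / HTTP/1.1\r\n\r\n"),
    # Ordinary web traffic, ignored by the port filter
    ("10.10.1.20", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in inspect_packets(SAMPLE_PACKETS):
        print(finding)
```

Two checks in `parse_modbus_tcp` do most of the work: the protocol identifier must be zero, and the MBAP length field must match the bytes that follow it. Together they reject most non-Modbus payloads that happen to land on port 502, so a port-based filter alone is not what the sniffer, or a defender, should rely on.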
The group behind VPNFilter isn't a regular botnet herder but an advanced nation-state actor known as APT28, according to the FBI, and believed to be a unit of Russia's military intelligence service (GRU).
Chlorine station makes a perfect target
Ever since its silent war with Russia that started in 2014 after Russia’s annexation of Crimea, Ukraine has been under a barrage of cyber-attacks, such as the…