Cyberattack by Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER

released on 2022-04-12 @ 07:31:09 AM
The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) has taken urgent measures to respond to an information security incident related to a targeted attack on a Ukrainian energy facility. The attackers intended to disable several elements of the target's infrastructure, namely: high-voltage electrical substations, using the malicious program INDUSTROYER2, where each executable file contained a statically specified set of unique parameters for the respective substations (file compilation date: 23.03.2022); computers running the Windows operating system (user computers, servers, and ACS TP automated workstations), using the destructive malware CADDYWIPER, which is decrypted and launched by means of the ARGUEPATCH loader and the TAILJUMP shellcode; server equipment running Linux operating systems, using the malicious destructive scripts ORCSHRED, SOLOSHRED and AWFULSHRED; and active network equipment.