BTW.Media
Strategic Internet IntelligenceMay 12, 2026
Sign InRegister

Trends

A cyberattack knocked out the heating system in Lviv, Ukraine

OURTAKEIn the middle of a bitter winter in Lviv, residents spent two long, cold days without central heating. This was not just a simple technical glitch, but a direct consequence of a cyberattack that ruthlessly cut off people’s source of warmth and exposed them to biting winds. At such moments, pe…

07-23-cyberattack
AuthorRae Li
Reading Time2 min
PublishedJuly 23, 2024
Primary DomainN/A
Content TypeN/A
TopicN/A
EntityN/A
RegionN/A
Time HorizonN/A
ImpactN/A
ConfidenceN/A

Headline

OURTAKEIn the middle of a bitter winter in Lviv, residents spent two long, cold days without central heating. This was not just a simple technical glitch, but a direct consequence of a cyberattack that ruthlessly cut off people’s source of warmth and exposed them to biting…

Context

OURTAKE In the middle of a bitter winter in Lviv, residents spent two long, cold days without central heating. This was not just a simple technical glitch, but a direct consequence of a cyberattack that ruthlessly cut off people’s source of warmth and exposed them to biting winds. At such moments, people are more deeply aware that the importance of cybersecurity is not only about technology, but also about the happiness and security of every individual. -Rae Li, BTW reporter Residents of the Ukrainian city of Lviv were hit by a serious cyberattack in mid-January that knocked out the city’s central heating system and left residents without heat for 2 days. The attack was caused by a piece of malware called FrostyGoop, which specifically targets industrial control systems, particularly heating system controllers. The attack knocked out heating in more than 600 apartment buildings, and residents had to spend nearly 48 hours in subzero temperatures.

Evidence

Pending intelligence enrichment.

Analysis

The attack was detailed in a report by Dragos , a cybersecurity firm. The FrostyGoop malware interacts with Industrial control devices (ICS) via the Modbus protocol which is widely used for device control in industrial environments worldwide. Dragos researchers found that the attackers may have gained access to the targeted network as early as April 2023 and continued to access the network over the following months, finally carrying out the attack through an IP address in Moscow on January 22, 2024. In conclusion, although the attackers used Russian IP addresses, Dragos did not directly blame any specific hacking group or government, as no direct link to previous campaigns or tools was found. Also read: Indonesian cyberattack exposes rising threats in Southeast Asia Also read: Cyberattack disrupts CDK Global systems, impacting thousands of retailers

Key Points

  • In the Ukrainian city of Lviv, residents has to endure freesing temperatures without central heating for 2 days in mid-January due to a cyberattack against the municipal energy company.
  • Cyber security firm Dragos has published a report detailing new malware called FrostyGoop, which is designed to target industrial control systems, particularly heating system controllers, noting that this is the 3nd known incident of a cyber attack against critical…

Actions

Pending intelligence enrichment.

Author

Rae Li (rae.li@btw.media)· author profile pending