Ukraine says it stopped a Russian cyberattack on a power grid.
Ukrainian officials said on Tuesday that they had foiled an attack on a power company by a hacking unit with links to Russia’s largest military intelligence agency, an attempt that a cybersecurity company said aimed to cut power with a new version of malware used to do so in Ukraine’s capital, Kyiv, eight years ago.
Attacks on Ukraine’s power grid have been successful at least twice before — with a hack in 2015 leaving more than 225,000 people without power — and online attacks are increasingly used alongside traditional warfare. Just days before the Russian invasion began on Feb. 24, Ukraine said it had suffered its biggest cyberattack, against its Defense Ministry, army, and two big banks.
Ukraine’s Computer Emergency Response Team said in a statement that hackers had planned on Friday to switch off some substations. It did not identify the targets or say how officials had stopped the attack. But the Ukrainians accused Sandworm, a Russian hacking unit that has been linked to the G.R.U., a Russian military agency, of being behind the attempt.
The attack on the power company came in two steps, according to the statement: First, the hackers infiltrated computers in February or earlier; then, on Friday, they tried to schedule a power shut-off. Ukrainian investigators said in the statement that they had worked with Microsoft and ESET, a Slovak cybersecurity company.
Ukrainian officials contacted ESET on Friday, Jean-Ian Boutin, the company’s director of threat research, said in an email. The company then analyzed samples provided by the Ukrainian team and relayed its analysis, he said.
ESET said on its website that it had “high confidence” that Sandworm was responsible for the attack. It said the group had targeted high-voltage substations using a new version of malware that Sandworm used to cut power in Kyiv in 2016.
The Slovak company said the hackers had also tried to deploy malware that was used against a Ukrainian bank. It said investigators did not know how the hackers had gained access to the power company’s substations.
Microsoft declined to comment on the specific hacking attempt. The company instead shared a blog post from Thursday in which it detailed how it had helped stop attacks in Ukraine by Strontium, another group linked to the G.R.U.
A painting owned by a Russian oligarch that was seen by over 1.2 million people who visited a blockbuster art show in Paris will not be returning to Russia for the foreseeable future, a spokesman for France’s culture ministry said on Monday.
The 1912 artwork, “Self-Portrait,” by the Russian avant-garde painter Pyotr Konchalovsky, is owned by Petr Aven, a director of one of Russia’s largest banks. After Russia invaded Ukraine in February, Mr. Aven became one of the first Russian businessmen to fall under European Union sanctions.
A spokesman for France’s culture ministry said in an email that the painting, whose seizure was first reported by French newspapers on Saturday, “will remain in France as long as its owner, a Russian oligarch, remains subject to an asset freeze.” Another painting — “Portrait of Timofei Savvich Morozov” (1891), by Valentin Serov — may also be kept in France because it is also connected to an oligarch, the ministry said.
The Serov painting is owned by the Museum of Avant‑Garde Mastery, the name for a collection of artworks belonging to Viatcheslav Moshe Kantor. Mr. Kantor is the largest shareholder of a Russian fertilizer company and is subject to European and British sanctions.
The spokesman declined to say where the works were being held, “for obvious security reasons.”
Until Apr. 3, the two paintings had been on display at the Louis Vuitton Foundation in Paris as part of “The Morozov Collection: Icons of Modern Art,” a huge exhibition of works that once belonged to the Russian textile magnates Ivan and Mikhail Morozov. Their collection, which includes works by Gauguin, Van Gogh, and Picasso, was expropriated about a century ago, after the October Revolution, and became state property.
Most of the paintings in the show came from Russian state museums, including the State Hermitage Museum, in St. Petersburg, and the Pushkin State Museum of Fine Arts, in Moscow. Under a 1994 French law designed to encourage international art loans, those works cannot be seized by French authorities, because they were lent by a foreign government, said Freda Matassa, an art consultant who has helped develop a similar anti-seizure law in Britain.
But, Ms. Matassa said, the French law does not apply to works owned by private individuals.
Representatives of Mr. Aven and the Museum of Avant-Garde Mastery did not respond to requests for comment. A spokeswoman for the Louis Vuitton Foundation said it would not comment, either.
Even before the seizures, some art shipment firms expected “Morozov Collection” works to experience difficulties returning to Russia, because the war in Ukraine has interrupted traditional routes for air and road freight. The most direct route into Russia from Western Europe is now via Finland, yet last week, Finnish customs officials impounded three shipments of fine art at the border between the two countries, suspecting that the cargo breached European Union sanctions. The works were swiftly released when it became apparent they fell outside the sanctions’ scope.
The French culture ministry said it was also keeping the third painting from “The Morozov Collection” in Paris for safety reasons. That work, “Portrait of Margarita Kirillovna Morozova” (1910), by Serov, belongs to the Dnipropetrovsk Art Museum, in the eastern Ukraine city of Dnipro, which is expected to soon be the subject of a Russian assault. Ukrainian authorities requested the painting remain in Paris until it is safe for it to be returned, the culture ministry spokesman said.
The seizure of the Konchalovsky painting is not the first time Mr. Aven’s connections to the art world have made news since Russia’s invasion began. Just days after the war started, Mr. Aven stepped down as a trustee at the Royal Academy of Arts in London, one of the city’s oldest art museums. The academy also announced it would be returning the money he paid to sponsor a major exhibition of Francis Bacon's paintings.
Mr. Aven told the Financial Times last month that the sanctions against him were without merit. “If the court decides you are corrupt, there is dirty money, absolutely understandable,” he said. “But this, I just don’t understand.”
