Hackers shut down Ukraine power grid

Hackers brought down the power supply to hundreds of homes in Ukraine last week, in a cyber attack believed to be the first ever to result in a power outage.


The Ukrainian energy ministry said it was probing a “suspected” cyber attack on the power grid, targeting several regional power companies, which the country’s intelligence service blamed on “Russian special services”. Moscow has not responded to the allegation.

John Hultquist, head of cyber espionage intelligence at iSight Partners, a US-based threat intelligence company, said it was the first time the cyber security industry had seen a cyber attack result in the shutdown of power.

Experts have warned for years that the industrial systems that control critical infrastructure such as power plants are vulnerable. Malicious software, known as malware, has previously been discovered on these networks, but no one has yet linked these infections to an outage.

Mr Hultquist said that the versions of the malware used in the attack, called BlackEnergy, point to Russian hackers known as the Sandworm team who have previously infected power suppliers in the US and Europe. The malware was found in the west in 2014 and is thought to have been wiped from the targets’ networks.

“We believe they have already successfully intruded into US and European systems so the fact they have just demonstrated they have the wherewithal to turn the lights off is a pretty big deal,” he said.

Slovakian antivirus software firm Eset also said that it had found evidence of BlackEnergy being used in attacks on Ukrainian energy companies, which it said was focused on destruction rather than just deleting documents.

Destructive malware is becoming more popular with hackers. It was used in the infamous 2012 attack on oil producer Saudi Aramco, which wiped 35,000 computers across its network, and the attack on Sony Pictures, believed to be carried out by North Korea.

However, it is now also being used by cyber criminals demanding ransoms from companies and individuals by threatening to destroy key data on their networks.

Ukraine’s energy ministry said last week that it was setting up a commission to probe the suspected attack just before Christmas. The country’s SBU intelligence service earlier said in a brief statement that it had found malicious software in computer networks of some regional power companies.

It said that the “virus attack” had been accompanied by “floods” of calls to the companies’ technical support numbers.

Prykarpattyaoblenergo, a power company in western Ukraine, said that a “large-scale breakdown” had left several districts without power for hours on December 23, which it blamed on “interference”. The area included the regional capital, Ivano-Frankivsk, a city of 1.4m people.

Oleg Senik, the company’s technical director, was quoted as saying that the company was still investigating the cause, but “so far the most likely version is interference in the workings of the automated control systems”. He said that repair teams were having to restore power “manually” at substations.

Kyivoblenergo, which supplies the region outside the Ukrainian capital, said on its website that it had suffered a “technical failure in its control infrastructure” on the same day.

Tensions between Ukraine and Russia have eased slightly since September as fighting has died down between Russia-backed separatists and Ukrainian forces in breakaway regions in the east of the country.

But they flared again in recent weeks after unidentified saboteurs brought down Ukrainian electricity supply lines carrying power to Crimea, plunging much of the Black Sea peninsula — which Russia annexed in 2014 — into darkness.


Henry Sapiecha
