A cyberattack may have caused the power outage that occurred in Ukraine late on Saturday, according to the country’s national energy company Ukrenergo.
In a statement published on its website on Sunday, Ukrenergo said the outage occurred on Saturday, near midnight, at the North (Petrivtsi) substation, causing blackouts in the capital city of Kiev and the Kiev region.
Ukrenergo Acting Director Vsevolod Kovalchuk said workers switched to manual mode and started restoring power after 30 minutes. Power was fully restored after just over an hour, Kovalchuk said.
The statement published by Ukrenergo names equipment malfunction and hacking as the possible causes. However, in a message posted on Facebook, Kovalchuk said the main suspect was “external interference through the data network.” The organization’s cybersecurity experts are investigating the incident.
Roughly one year ago, the Ukrainian security service SBU accused Russia of causing outages with the aid of malware planted on the networks of several regional energy companies.
Researchers determined that these attacks involved two main pieces of malware: the BlackEnergy Trojan and KillDisk, a plugin designed to destroy files and make systems inoperable. The attackers directly interacted with the system in order to cut off the power supply, and they used KillDisk to make recovery more difficult, experts said.
In the 2015 attacks, power companies restored service within 3-6 hours by switching to manual mode, just like in the latest incident.
A report published recently by Booz Allen Hamilton revealed that the 2015 cyberattacks were likely part of a two-year campaign that targeted several sectors in Ukraine. Researchers identified 11 attacks aimed at the electricity, railway, media, mining and government sectors.
While experts have not found any hard evidence linking these attacks to Russia, the attackers’ significant resources appear to indicate the involvement of a nation state, and the threat actor’s goals align with Russian political interests.