Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Ukraine Power Company Confirms Hackers Caused Outage

The investigation is ongoing, but Ukraine’s national power company Ukrenergo has confirmed that the recent electricity outage in the Kiev region was caused by a cyberattack.

The investigation is ongoing, but Ukraine’s national power company Ukrenergo has confirmed that the recent electricity outage in the Kiev region was caused by a cyberattack.

In a statement emailed to SecurityWeek on Thursday, Ukrenergo said a preliminary analysis showed that the normal operation of workstations and SCADA servers had been disrupted due to “external influences.”

The analysis indicates that the incident, described as a planned and layered intrusion, involved malware that allowed the attackers to remotely control internal systems. Investigators are in the process of establishing a timeline of events and identifying compromised accounts, points of entry, and devices infected with malware that may be lying dormant.

Ukrenergo is confident that the results of this investigation will help the company implement organizational and technological measures that would help prevent cyber threats and reduce the risk of power failure.

The incident took place on the night between December 17 and 18 at the substation in Pivnichna, causing blackouts in the capital city of Kiev and the Kiev region. Power was fully restored after just over an hour.

Ukrenergo officials immediately suspected external interference and brought in cybersecurity experts to conduct an investigation.

One of the experts involved in the probe told the BBC that the 2016 attacks were more sophisticated and better organized compared to the ones launched in December 2015. It also appears that several threat groups had worked together, and they may have tested techniques that could be used in other campaigns as well.

Russia is again the main suspect, the country being blamed for many of the cyberattacks launched recently against Ukraine.

A report published in October by Booz Allen Hamilton showed that the December 2015 attacks on Ukraine’s electric grid were part of a long-running campaign that also targeted the railway, media, mining and government sectors.

In the meantime, researchers continue to monitor KillDisk, one of the pieces of malware involved in the 2015 attack. They recently discovered that the destructive malware had turned into ransomware and started infecting Linux machines as well.

Related: U.S. Electric Grid – America the Vulnerable

Related: Ukraine Accuses Russia of Cyber Attack on Kiev Airport

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.