A cyberattack may have caused the power outage that occurred in Ukraine late on Saturday, according to the country’s national energy company Ukrenergo.
In a statement published on its website on Sunday, Ukrenergo said the outage occurred on Saturday, near midnight, at the North (Petrivtsi) substation, causing blackouts in the capital city of Kiev and the Kiev region.
Ukrenergo Acting Director Vsevolod Kovalchuk said workers switched to manual mode and started restoring power after 30 minutes. Power was fully restored after just over an hour, Kovalchuk said.
The statement published by Ukrenergo names equipment malfunction and hacking as the possible causes. However, in a message posted on Facebook, Kovalchuk said the main suspect was “external interference through the data network.” The organization’s cybersecurity experts are investigating the incident.
Roughly one year ago, the Ukrainian security service SBU accused Russia of causing outages with the aid of malware planted on the networks of several regional energy companies.
Researchers determined that these attacks involved two main pieces of malware: the BlackEnergy Trojan and KillDisk, a plugin designed to destroy files and make systems inoperable. The attackers directly interacted with the system in order to cut off the power supply, and they used KillDisk to make recovery more difficult, experts said.
In the 2015 attacks, power companies restored service within 3-6 hours by switching to manual mode, just like in the latest incident.
A report published recently by Booz Allen Hamilton revealed that the 2015 cyberattacks were likely part of a two-year campaign that targeted several sectors in Ukraine. Researchers identified 11 attacks aimed at the electricity, railway, media, mining and government sectors.
While experts have not found any hard evidence linking these attacks to Russia, the attackers’ significant resources appear to indicate the involvement of a nation state, and the threat actor’s goals align with Russian political interests.
Related: U.S. Electric Grid – America the Vulnerable
Related: Ukraine Accuses Russia of Cyber Attack on Kiev Airport
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
- CISA, NSA Issue Guidance for IAM Administrators
