February 26, 2016

Confirmed: Ukraine Power Outage Caused by Cyber Attack

The high-profile power outage that struck Ukraine in December, leaving 225,000 people in the dark, was the result of a cyber attack, the US Department of Homeland Security confirmed on Thursday.

The US government has officially concluded that the power blackout suffered by Ukraine on December 23, 2015 was due to a malicious cyber attack. The incident, which made global headlines, is the first known successful cyber intrusion to take down a power grid, as reported by Reuters.

The alert published by the DHS’s Industrial Control Systems Cyber Emergency Response Team does not attribute a reason for the cyberattack. However, iSight Partners, a US cyber intelligence firm, as well as other security researchers, have pointed fingers toward a Russian hacking group called “Sandworm.”

The attackers are believed to have employed malware called BlackEnergy. The malware enabled the hackers to gain a thorough foothold in the utility company’s systems.

The assessment, DHS said, was based on separate interviews with six Ukrainian organizations that were affected during the blackout. During the attack, the DHS said that hackers remotely switched the circuit breakers in a manner that knocked the power offline after the installation of malware. Following this, the hackers are believed to have used a wiper utility called KillDisk to curb recovery efforts. Distributed denial of service attacks followed, preventing the power company personnel from receiving customer communication.

A report in January deemed that the cyberattack was “planned and coordinated” with at least three components in the overall plan: the malware, followed by the denial of service attack targeting the phone system, and the missing piece of evidence of the final cause of impact.

An excerpt from the SANS report read:

“The malware also appears to have been used to wipe files in an attempt to deny the use of the SCADA system for the purposes of restoration to amplify the effects of the attack and possibly to delay restoration”

Moreover, the attackers are also believed to be complicit in spamming the Ukraine utility’s customer service number with relentless phone calls. This kept real customers from communicating with the utility about the power outage, a report stated.
