Confirmed: Ukraine Power Outage Caused by Cyber Attack

The high-profile power outage that struck Ukraine in December, leaving 225,000 people in the dark, was the result of a cyber attack, the US Department of Homeland Security confirmed on Thursday.

The US government has officially concluded that the power blackout suffered by Ukraine on December 23, 2015 was due to a malicious cyber attack. The incident, which made global headlines, is the first known successful cyber intrusion to take down a power grid, as reported by Reuters.

The alert published by the DHS’s Industrial Control Systems Cyber Emergency Response Team does not attribute a reason for the cyberattack. However, iSight Partners, a US cyber intelligence firm, as well as other security researchers, have pointed fingers toward a Russian hacking group called “Sandworm.”

The attackers are believed to have employed malware called BlackEnergy. The malware enabled the hackers to gain a thorough foothold in the utility company’s systems.

The assessment, DHS said, was based on separate interviews with six Ukrainian organizations that were affected during the blackout. During the attack, the DHS said that hackers remotely switched the circuit breakers in a manner that knocked the power offline after the installation of malware. Following this, the hackers are believed to have used a wiper utility called KillDisk to curb recovery efforts. Distributed denial of service attacks followed, preventing the power company personnel from receiving customer communication.

A report in January deemed that the cyberattack was “planned and coordinated” with at least three components in the overall plan: the malware, followed by the denial of service attack targeting the phone system, and the missing piece of evidence of the final cause of impact.

An excerpt from the SANS report read:

“The malware also appears to have been used to wipe files in an attempt to deny the use of the SCADA system for the purposes of restoration to amplify the effects of the attack and possibly to delay restoration.”

Moreover, the attackers are also believed to have spammed the Ukraine utility’s customer service number with relentless phone calls. This kept real customers from communicating with the utility about the power outage, a report stated.
