US Suspects Russian Hackers in Unprecedented Ukraine Blackout

Workers repair an electricity power line damaged during shelling near a power station outside the city of Slovyansk, Donetsk Region, eastern Ukraine Thursday, July 10, 2014.

Dmitry Lovetsky/AP

AA Font size + Print

Workers repair an electricity power line damaged during shelling near a power station outside the city of Slovyansk, Donetsk Region, eastern Ukraine Thursday, July 10, 2014.

It’s a scenario that has long worried cyber security experts.

Experts say they have established the world’s first known case of a cyber attack on a power grid, which cut power to more than 600,000 homes in Ukraine in late December. US intelligence agencies and cyber security experts are looking to Russia as the likely source of the attack.

Prykarpattyaoblenergo, an energy company in the Ivano-Frankisvk region of western Ukraine, said on Dec. 23 that a blackout in a large part of the area where it delivers electricity was caused by an “interference” in its systems.

Ukraine’s security service and government blamed Russia for the attack, and launched an investigation. According to Shane Harris at The Daily Beast, experts at the CIA, National Security Agency and the Department of Homeland Security are also investigating whether samples of malware recovered from the company’s network indicate that the blackout was caused by hacking and whether it can be traced back to Russia. If confirmed, it would be the first international cyber attack to cause a power outage.

On Monday, Jan. 4, researchers from the global cyber security company iSIGHT and antivirus firm ESET claimed they had samples of the malicious code that affected three of the region’s power companies, causing “destructive events,” Ars Technica reported.

It’s a scenario that has long worried cyber security experts. “It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, director of cyber espionage analysis at iSIGHT told Ars Technica.

Experts say that the malware they found is a virus called BlackEnergy, which has been used in the past to sabotage companies and news organizations, including in the US. The virus has since been updated, acquiring new malicious capabilities.

Analysts at iSIGHT say the group behind the virus, which they have called “the Sandworm gang,” targeted NATO, Ukraine, Poland and European industries in 2014.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.