Last month, Ukraine’s power grid suffered an outage that left thousands of homes without electricity. The outage lasted only a few hours, but its cause had security officials worried: Ukraine became the first country to suffer a power failure caused by a sophisticated cyber attack on its national power grid.
Roughly half the homes in Ivano-Frankivsk (which has a population of over 200,000 people) were left without power on 23 December when three electrical substations were disconnected. Ukrainian news service TSV reported that this was caused by malware infecting the system, a claim backed up by security firm iSIGHT Partners. Both reports have since been corroborated by industrial security firm SANS ICS.
At the heart of the attack was BlackEnergy, a piece of malware that dates back to 2007. The version used in the 2015 attack appears to have been updated with new functions, some of which are suspected of allowing it to cripple the power stations. Once the substations had been disabled, the malware used a component called KillDisk, which wiped the computers on the network and hampered recovery efforts.
To further delay any response, the unidentified attackers launched a DDoS attack on the power company, preventing it from receiving reports of power outages in the affected region.
While the security companies have confirmed that a malware attack crippled the power grid, they have not identified the attackers. Some speculate that this is the work of Russian state-sponsored hackers, an accusation that is not entirely unfounded given the current political climate in the region.
Security companies have been warning about the possibility of malware being used against utilities like power companies, and it looks like those predictions have just come true.