3 min read

Hackers suspected of causing power outage in Ukraine

Graham CLULEY

December 20, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hackers suspected of causing power outage in Ukraine

This weekend houses and businesses in parts in the northern part of Kiev were plunged into darkness after the electricity supply was unexpectedly cut off.

Authorities are investigating whether the unexpected power outage in Ukraine’s capital could be the latest in a series of hacking attacks which have struck the country’s electric grid and financial infrastructure in the last year.

Although the reason for the outage is not yet confirmed, investigators have said that the leading theory is that the energy grid was struck by a hacking attack, perhaps similar to the one which managed to shut down the power grid in December 2015.

The impacted energy company, Kyivenergo, confirmed that the power outage was unplanned and that it had taken action to restore electricity to its customers. Indeed, it sounds like Kyivenergo did a good job – recovering from the power blackout and restoring energy to households and companies in little more than an hour after the incident.

In a Facebook post, Vsevolod Kovalchuk of Kyivenergo pointed the finger of blame for the outage on “external interference through data network”:

ukraine-statement-1

“Don’t blame Kyivenergo. This time they have no guilt.”

Kovalchuk told Reuters that the outage was considerable, amounting to 200 megawatts of capacity, equivalent to about a fifth of the capital’s night-time energy consumption.

“That is a lot. This kind of blackout is very, very rare.”

Infamously, just before Christmas 2015, power companies in Ukraine were targeted by a malware attack that is widely thought to have contributed to the energy blackouts.

The malware attack, known as BlackEnergy, was spread via boobytrapped Word documents and tricked recipients via social engineering into enabling macros to activate the malicious payload.

With attackers actively using techniques like this against their targets it’s no surprise that many organisations are now choosing to permanently disable macros in Microsoft Word.

The hack attacks against Ukraine’s infrastructure didn’t stop there, with another attack following hot on the heels in January 2016, this time using a poisoned XLS spreadsheet to install a backdoor on the country’s power industry networks.

As well as attacks on its energy structure, Ukraine’s government websites have suffered a series of internet attacks designed to disrupt their operation and prevent users from accessing their services.

As recently as last week, Ukrainian officials were blaming the website DDoS attacks on pro-Russian separatists, attempting to prevent the government from keeping the public informed and causing delays in payments.

It’s too early to say for certain whether the Kiev power outage was the work of hackers, or indeed where those hackers might have been based or who might have been sponsoring them. It’s easy to name likely culprits but much much more difficult to reliably attribute with absolute authority who might have been responsible.

Nonetheless, if Ukraine’s power grid was again assaulted by hackers it wouldn’t take a huge leap in logic to determine which country might have a vested interest in causing the disruption.

With luck, more details of precisely what occurred this weekend to Ukraine’s power grid will be made public in the fullness of time.

In the meantime, anyone responsible for the security of industrial control systems and national infrastructure should think long and hard about whether they have done enough to protect their networks, and what can be done to further reduce the opportunities for external hackers to attack.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read