Hackers shut down power grid in Ukraine

US government computer security experts are investigating Kyiv’s claim that Russian hackers used the malicious software code BlackEnergy to take down three power substations on Ukraine’s national grid on 23 December.

The past year saw the first confirmed case of physical damage to a non-military target caused by a cyber attack, when a German steel mill was “massively” damaged.

Anton Cherepanov, a malware researcher at the security company ESET, based in Bratislava, Slovakia, confirmed that the reported attacks were associated with the BlackEnergy malware attacks in the ESET report.

“It’s always been the scenario we’ve been anxious about for years because it has ramifications across broad sectors”, The Washington Post reported.

“There is pretty strong consensus that there was a blackout caused by a computer network attack”, said iSight’s director of cyber espionage analysis, John Hultquist. In November, Ukrainian nationalists and anti-Russian activists allegedly knocked down electricity pylons in the Kherson region, and prevented crews from restoring service, leaving more than 1.8 million people on the Black Sea in a blackout.

The E-ISAC report identified systems integrator Galician Computer Co as having worked for Prykarpattyaoblenergo and two other utilities that were reported to have been targeted in the attack but did not experience outages: Chernivtsioblenergo and Kyivoblenergo.

According to computer security specialist ESET, attackers were able to infiltrate power station computers by using malware-laden Microsoft Office documents.

According to ESET, the malware was recently updated again to add a new component called KillDisk, a tool that destroys critical components found within hard drives and contains a deadly function that could “sabotage industrial control systems”. “In that instance, a number of news media companies were attacked at the time of the 2015 Ukrainian local elections”, ESET malware researcher Anton Cherepanov says in a blog post.

Although experts like Michael Assante at the SANS Institute, a cyber-training organization, say the attack was of “low to moderate sophistication”, the incident could still be a worrisome sign of things to come. “ISIGHT believes the activity is Russian in origin and the intrusions they carried out against USA and European SCADA systems were reconnaissance for attack”.

What hackers might really be after is the disruption of “industrial control systems”.

Cyberattacks against infrastructure, such as electricity grids, have also been cause for alarm for politicians.

Boston: Following reports that 80,000 customers of a Western Ukraine utility lost power for six hours following a cyber attack last month, a quasi-governmental United States electric industry group last week advised members to review network defences.
