Cyber Attack is Confirmed as Cause of Ukraine's Power Grid Blackout

January 14, 2016

By Joe Rizzo - Contributing Writer

A few days before this past Christmas, on December 23, the area around the Ukrainian regional capital city of Ivano-Frankivsk was hit by what was believed to be a cyber attack. The result was a power outage that affected more than 700,000 western Ukrainians. Several security firms, including American firm iSight Partners, suspected that the cause of the power grid going dark was a cyber attack.

After cyber experts at SANS Industrial Control Systems (ICS) conducted a detailed analysis, they confirmed that the outage was a "coordinated intentional attack." As mentioned in an Ars Technica article, Michael Assante, director of SANS ICS, commented that "After analyzing the information that has been made available by affected power companies, researchers and the media, it is clear that cyber attacks were directly responsible for power outages in Ukraine. We assess with high confidence based on company statements, media reports and first-hand analysis that the incident was due to a coordinated intentional attack."

It is believed that this was a three-pronged cyber attack. The first phase gave the hackers access to the power company systems, which allowed them to open circuit breakers, effectively cutting off the power. The next phase used a wiper utility known as KillDisk, designed to prevent recovery efforts after the attack. The final phase was a denial-of-service (DoS) attack on the phone systems, which prevented power company personnel from receiving customer reports of outages.

It was originally thought that a malware tool known as BlackEnergy with the KillDisk component was the culprit, but Assante said, "Malware likely enabled the attack. There was an intentional attack, but the KillDisk component itself did not cause the outage."

In a blog posting, iSight Partners’ director of cyber espionage analysis, John Hultquist, attributed the hack to a Russian hacking group known as the Sandworm Team. He wrote, "We have linked Sandworm Team to the incident, principally based on BlackEnergy 3, the malware that has become their calling card."

There is still no real confirmation as to what group initiated the cyber attack, and many of the details concerning the event remain unknown. Due to the nature of the incident, especially the use of destructive malware, it is unlikely that every detail of the operation will be exposed.

It is evident that these days nature is not the only cause of power outages. Regardless of whether a fallen tree branch or a cyber attack knocks out power, we live in a time when protecting your data and equipment is essential. There is no doubt that a solid backup policy is a crucial component to remaining secure.

Edited by Rory J. Thompson
