U.S. Department Of Homeland Security Confirms Cyber Attacks Took Down Ukraine Power Grid In December

In late December, a major power outage cut electricity to a large swathe of customers in western Ukraine. Shortly after the incident, a number of cyber security experts pointed the finger at hackers and claimed that malicious digital activity had taken down the power grid, but nothing had been officially confirmed at the time.

Now the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, is reporting that the outage was caused by a deliberate, coordinated cyber-attack against Ukrainian critical infrastructure.

An alert published on the ICS-CERT website says, “On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine. In addition, there have also been reports of malware found in Ukrainian companies in a variety of critical infrastructure sectors. Public reports indicate that the BlackEnergy (BE) malware was discovered on the companies’ computer networks, however it is important to note that the role of BE in this event remains unknown pending further technical analysis.”


Details of the attack are more alarming than a simple malware infection used for remote access, however. The widespread disruption of service was caused by outages at three regional electric power distribution companies. The intrusions were reportedly synchronized and coordinated across the three companies, following extensive reconnaissance of the target networks, and the intruders had most likely acquired legitimate credentials over time before launching the attack.

In the course of the attack, the intruders also remotely executed malware that erased selected files from a number of hard drives and then corrupted the master boot records on those drives, leaving the machines unable to boot. The firmware on key Serial-to-Ethernet devices at several substations was corrupted and rendered inoperable as well, and the uninterruptible power supplies feeding several servers were shut down through their remote management interfaces. The alert characterizes these destructive actions as an effort to hamper restoration of service rather than as the step that cut the power.
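The boot-record corruption described above is the kind of damage a responder can check for directly. The following is an added example, not code from the article or from ICS-CERT: it parses the first 512-byte sector of a disk as a classic MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and compares it with a SHA-256 baseline recorded while the system was known good. The sample sectors are constructed inline for illustration; on a real system the sector would come from a forensic image or the raw device.

```python
"""Check a disk's first sector (MBR) for signs of wiper damage.

Added example; assumes a classic MBR layout and a previously recorded
SHA-256 baseline of the known-good sector. Sample data below is constructed.
"""
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
SIG_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot MBR partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PART_ENTRY_SIZE])
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba_start,
                            "sectors": sectors})
    return entries


def check_mbr(mbr: bytes, baseline_sha256: str) -> dict:
    """Report structural problems and any deviation from the baseline hash."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append("sector length is not 512 bytes")
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != BOOT_SIGNATURE:
        findings.append("boot signature missing")
    if mbr[:PART_TABLE_OFFSET] == bytes(PART_TABLE_OFFSET):
        findings.append("boot code all zeros")
    partitions = parse_partitions(mbr) if len(mbr) >= MBR_SIZE else []
    if not partitions:
        findings.append("partition table empty")
    digest = hashlib.sha256(mbr).hexdigest()
    if digest != baseline_sha256:
        findings.append("hash differs from baseline")
    return {"sha256": digest, "partitions": partitions,
            "findings": findings, "ok": not findings}


def read_mbr(path: str) -> bytes:
    """Read the first sector from a raw device or disk image."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed known-good MBR: stub boot code, one bootable NTFS partition."""
    boot_code = bytes([0xEB, 0x63, 0x90]) + bytes(PART_TABLE_OFFSET - 3)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + bytes(3 * PART_ENTRY_SIZE)
    return boot_code + table + BOOT_SIGNATURE


GOOD_MBR = build_sample_mbr()
BASELINE = hashlib.sha256(GOOD_MBR).hexdigest()
WIPED_MBR = bytes(MBR_SIZE)                      # sector overwritten with zeros
TABLE_WIPED_MBR = GOOD_MBR[:PART_TABLE_OFFSET] + bytes(64) + BOOT_SIGNATURE

if __name__ == "__main__":
    for name, sector in (("good", GOOD_MBR), ("wiped", WIPED_MBR),
                         ("table-wiped", TABLE_WIPED_MBR)):
        result = check_mbr(sector, BASELINE)
        print(name, "OK" if result["ok"] else result["findings"])
```

The baseline hash is the important part: a wiper that leaves the signature in place and only scrambles the partition table still fails the comparison, and a sector that passes every structural check but differs from the baseline deserves a closer look before the machine is trusted again.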

The alert on the ICS-CERT website also contains detection and mitigation guidance for those interested in more detail.
Marco Chiappetta

Marco's interest in computing and technology dates all the way back to his early childhood. Even before being exposed to the Commodore P.E.T. and later the Commodore 64 in the early ‘80s, he was interested in electricity and electronics, and he still has the modded AFX cars and shop-worn soldering irons to prove it. Once he got his hands on his own Commodore 64, however, computing became Marco's passion. Throughout his academic and professional lives, Marco has worked with virtually every major platform from the TRS-80 and Amiga, to today's high end, multi-core servers. Over the years, he has worked in many fields related to technology and computing, including system design, assembly and sales, professional quality assurance testing, and technical writing. In addition to being the Managing Editor here at HotHardware for close to 15 years, Marco is also a freelance writer whose work has been published in a number of PC and technology related print publications and he is a regular fixture on HotHardware’s own Two and a Half Geeks webcast. - Contact: marco(at)hothardware(dot)com