11.1.17

Recent Ukrainian Power Outage Deemed Result of Cyber Attack

Investigators confirmed the power outage in Ukraine last month was the result of a cyber attack that targeted the Pivnichna substation—a transmission facility—outside the Ukrainian capital Kiev. Originally, the Ukrainian national power company, UkrEnergo, stated that it was unclear if the blackout was the result of hackers or simply equipment failure, as is common in Ukraine during winter. Investigators now conclusively state the outage was the result of a cyber attack, where hackers shut down the remote-terminal units (RTUs) controlling the substation’s breakers.
The Cipher Take:This is the second public hack of a Ukrainian power facility—almost exactly a year after the first—causing an outage lasting somewhere between three and six hours and affecting around 230,000 people. Ukrainian intelligence attributed the initial cyber attack to a Russian-sponsored group known as Sandworm. Sandworm reportedly used a piece of malware called BlackEnergy, and both were named in the recently released DHS-FBI Joint Analysis Report (JAR) on Russian cyber activity. While formal attribution for the most recent attack on Ukraine’s power grid has yet to be announced, security researchers believe the same group that targeted the power distribution facilities in 2015 also targeted the transmission facility, as well as the national railway system and the Ministry of Finance. Experts warn that Russian hackers may be using Ukraine as a testing ground for cyber attacks on critical infrastructure such as power, financial, and transportation systems.

https://www.thecipherbrief.com/subscribe

No comments :

Print Friendly Get PDF