Ukrainian power grid downed 'by cyber attack'

Attackers may have used the same malware as used on Ukrainian media companies

Symantec's Cybersecurity Response experts have released information following the recent cyber-security attack against the Ukrainian energy sector, which resulted in blackouts for hundreds of thousands of homes.

Symantec has identified the Trojan reportedly used in the attack as Trojan.Disakil, which had previously been used to target media companies in the country.

In October 2015, several computers belonging to a major Ukrainian media company were compromised when the malware package known as BlackEnergy was employed in order to retrieve admin credentials which were then used to execute the Disakil trojan on several other computers.

The same method may have been used to infect terminals in the substations of three local power authorities, according to Symantec.

Advertisement - Article continues below
Advertisement - Article continues below

The power outage occurred on 23 December, and affected roughly 700,000 homes. 

Ukranian officials have laid the blame for the attack on Russia's doorstep, after 2015's Crimean conflict led to a breakdown in relations between the two states.

After a series of updates, the BlackEnergy package was expanded to give hackers additional tools, including many that are designed to aid in intelligence gathering.

These include industrial sabotage functions, KillDisk utilities to wipe key hard-drive sections and make computers non-bootable, and an SSH backdoor that lets hackers permanently access infected systems.

Reports from ESET indicate that the Trojan was carefully programmed to delete specific data and take specific systems offline in a precisely targeted attack.

While it has not officially been confirmed that the cyber attack is what took down the power grid, ESET's researchers have noted that it is entirely possible, stating that "after having successfully infiltrated a critical system with either of these trojans, an attacker would theoretically, be perfectly capable of shutting it down".

Advertisement - Article continues below

If true, this has echoes of the Stuxnet virus that destroyed huge swathes of Iran's nuclear technology in 2009, as well as a vast attack on Estonia that has been dubbed the first cyber war' also linked to Russia.

It also highlights the troubling capability of cybercriminals to use advanced hacking techniques to sabotage vital infrastructure, potentials endangering thousands of lives.

This story was originally published on 5 January and has since been updated to reflect new information. 

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019

Best antivirus for Windows 10

3 Sep 2019

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020
cyber security

McAfee researchers trick Tesla autopilot with a strip of tape

21 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020

The top ten password-cracking techniques used by hackers

10 Feb 2020