Ukrainian power grid downed 'by cyber attack'

Attackers may have used the same malware as used on Ukrainian media companies

Symantec's Cybersecurity Response experts have released information following the recent cyber-security attack against the Ukrainian energy sector, which resulted in blackouts for hundreds of thousands of homes.

Symantec has identified the Trojan reportedly used in the attack as Trojan.Disakil, which had previously been used to target media companies in the country.

In October 2015, several computers belonging to a major Ukrainian media company were compromised when the malware package known as BlackEnergy was employed in order to retrieve admin credentials which were then used to execute the Disakil trojan on several other computers.

The same method may have been used to infect terminals in the substations of three local power authorities, according to Symantec.

The power outage occurred on 23 December, and affected roughly 700,000 homes. 

Ukranian officials have laid the blame for the attack on Russia's doorstep, after 2015's Crimean conflict led to a breakdown in relations between the two states.

After a series of updates, the BlackEnergy package was expanded to give hackers additional tools, including many that are designed to aid in intelligence gathering.

These include industrial sabotage functions, KillDisk utilities to wipe key hard-drive sections and make computers non-bootable, and an SSH backdoor that lets hackers permanently access infected systems.

Reports from ESET indicate that the Trojan was carefully programmed to delete specific data and take specific systems offline in a precisely targeted attack.

While it has not officially been confirmed that the cyber attack is what took down the power grid, ESET's researchers have noted that it is entirely possible, stating that "after having successfully infiltrated a critical system with either of these trojans, an attacker would theoretically, be perfectly capable of shutting it down".

If true, this has echoes of the Stuxnet virus that destroyed huge swathes of Iran's nuclear technology in 2009, as well as a vast attack on Estonia that has been dubbed the first cyber war' also linked to Russia.

It also highlights the troubling capability of cybercriminals to use advanced hacking techniques to sabotage vital infrastructure, potentials endangering thousands of lives.

This story was originally published on 5 January and has since been updated to reflect new information. 

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021