Ukrainian power grid downed 'by cyber attack'

Attackers may have used the same malware as used on Ukrainian media companies

Symantec's Cybersecurity Response experts have released information following the recent cyber-security attack against the Ukrainian energy sector, which resulted in blackouts for hundreds of thousands of homes.

Symantec has identified the Trojan reportedly used in the attack as Trojan.Disakil, which had previously been used to target media companies in the country.

Advertisement - Article continues below

In October 2015, several computers belonging to a major Ukrainian media company were compromised when the malware package known as BlackEnergy was employed in order to retrieve admin credentials which were then used to execute the Disakil trojan on several other computers.

The same method may have been used to infect terminals in the substations of three local power authorities, according to Symantec.

The power outage occurred on 23 December, and affected roughly 700,000 homes. 

Ukranian officials have laid the blame for the attack on Russia's doorstep, after 2015's Crimean conflict led to a breakdown in relations between the two states.

After a series of updates, the BlackEnergy package was expanded to give hackers additional tools, including many that are designed to aid in intelligence gathering.

These include industrial sabotage functions, KillDisk utilities to wipe key hard-drive sections and make computers non-bootable, and an SSH backdoor that lets hackers permanently access infected systems.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Reports from ESET indicate that the Trojan was carefully programmed to delete specific data and take specific systems offline in a precisely targeted attack.

While it has not officially been confirmed that the cyber attack is what took down the power grid, ESET's researchers have noted that it is entirely possible, stating that "after having successfully infiltrated a critical system with either of these trojans, an attacker would theoretically, be perfectly capable of shutting it down".

If true, this has echoes of the Stuxnet virus that destroyed huge swathes of Iran's nuclear technology in 2009, as well as a vast attack on Estonia that has been dubbed the first cyber war' also linked to Russia.

It also highlights the troubling capability of cybercriminals to use advanced hacking techniques to sabotage vital infrastructure, potentials endangering thousands of lives.

This story was originally published on 5 January and has since been updated to reflect new information. 

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020
Visit/security/phishing/355793/gitlab-phishes-its-remote-employees-and-1-in-5-fell-for-it
phishing

GitLab phished its employees and 20% handed over credentials

26 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020