Ukrainian power grid downed 'by cyber attack'

Attackers may have used the same malware as used on Ukrainian media companies

Symantec's Cybersecurity Response experts have released information following the recent cyber-security attack against the Ukrainian energy sector, which resulted in blackouts for hundreds of thousands of homes.

Symantec has identified the Trojan reportedly used in the attack as Trojan.Disakil, which had previously been used to target media companies in the country.

In October 2015, several computers belonging to a major Ukrainian media company were compromised when the malware package known as BlackEnergy was employed in order to retrieve admin credentials which were then used to execute the Disakil trojan on several other computers.

The same method may have been used to infect terminals in the substations of three local power authorities, according to Symantec.

The power outage occurred on 23 December, and affected roughly 700,000 homes. 

Ukranian officials have laid the blame for the attack on Russia's doorstep, after 2015's Crimean conflict led to a breakdown in relations between the two states.

After a series of updates, the BlackEnergy package was expanded to give hackers additional tools, including many that are designed to aid in intelligence gathering.

These include industrial sabotage functions, KillDisk utilities to wipe key hard-drive sections and make computers non-bootable, and an SSH backdoor that lets hackers permanently access infected systems.

Reports from ESET indicate that the Trojan was carefully programmed to delete specific data and take specific systems offline in a precisely targeted attack.

While it has not officially been confirmed that the cyber attack is what took down the power grid, ESET's researchers have noted that it is entirely possible, stating that "after having successfully infiltrated a critical system with either of these trojans, an attacker would theoretically, be perfectly capable of shutting it down".

If true, this has echoes of the Stuxnet virus that destroyed huge swathes of Iran's nuclear technology in 2009, as well as a vast attack on Estonia that has been dubbed the first cyber war' also linked to Russia.

It also highlights the troubling capability of cybercriminals to use advanced hacking techniques to sabotage vital infrastructure, potentials endangering thousands of lives.

This story was originally published on 5 January and has since been updated to reflect new information. 

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
BEC scammers are using Google Forms to identify easy victims
phishing

BEC scammers are using Google Forms to identify easy victims

21 Jan 2021
FBI warns of ongoing corporate vishing attacks
phishing

FBI warns of ongoing corporate vishing attacks

19 Jan 2021

Most Popular

WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021