It happened last year, and now it’s happened again this year: researchers have confirmed that hackers were responsible for a power outage in Ukraine this past December, during one of the country’s coldest months. The outage caused by hackers in 2015 was the first known time that hackers brought down a power grid. It was alarming at the time. This latest attack in Ukraine comes amidst reports last week that the Russians had planted malware in a Vermont power company laptop, raising questions about how prepared United States grids are for these types of threats.
The attack itself started just after midnight on December 17 and lasted about an hour. It impacted a substation near the capital of Kiev, and the blackout amounted to about 1/5 of the total power consumed on average at that time of night. The attack was short-lived and did not leave permanent damage, and is being deemed more of a “show of power and ability” than a malicious attack with the intent to permanently disable.
“The attack [was] not meant to have any lasting dramatic consequences,” Marina Krotofil, a security researcher for Honeywell Industrial Cyber Security Labs, told Motherboard. “They could do many more things, but obviously they didn’t have this as an intent. It was more like a demonstration of capabilities.”
This latest attack used many of the same tools and software as the previous year’s attack. These included a framework called BlackEnergy and disk-wiping malware called KillDisk. The entry point for these programs was a sophisticated “spear phishing” campaign that struck the Ukrainian government in July, designed to send emails from the accounts of higher-ups in the company to ensure that the email attachments got opened and spread.
Oleksii Yasynskyi, head of Information Systems Security Partners in Ukraine, said that the attack was performed by several groups working together, gathering passwords and making custom malware for specific targets.
As of now it is too early to be sure whether the attacks can be attributed to the Russian government, but at this point it seems like a likely scenario. An article from the BBC also seems to point to growing evidence that the attack will likely be traced back to Russia. With the already growing hacking scandal in the United States over the election, this would signal that Russia is growing much more willing to use hacking to reach geopolitical ends.
The United States should be paying close attention to these international hacking scandals and prepare to continue to fortify American utilities. It is known that our utility grids are a weak link and do not have the cybersecurity needed in this day and age of advanced hacking and cyber warfare.