On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".[1] It is the first publicly acknowledged successful cyberattack on a power grid.[2]

Description

edit

On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Ukrainian: Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations (7 110kv substations and 23 35kv substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.[3]

At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Ukrainian: Чернівціобленерго; servicing Chernivtsi Oblast) and Kyivoblenergo (Ukrainian: Київобленерго; servicing Kyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.[4]

Vulnerability

edit

In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.[5] The Ukrainian power grid was built when it was part of the Soviet Union, has been upgraded with Russian parts and (as of 2022), still not been fixed.[clarification needed] Russian attackers are as familiar with the software as operators. Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).[6]

Method

edit

The cyberattack was complex and consisted of the following steps:[4]

  • Prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware
  • Seizing SCADA under control, remotely switching substations off
  • Disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
  • Destruction of files stored on servers and workstations with the KillDisk malware
  • Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
  • Emergency power at the utility company’s operations center was switched off.[6]

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).[4]

See also

edit

References

edit
  1. ^ Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.
  2. ^ Kostyuk, Nadiya; Zhukov, Yuri M. (2019-02-01). "Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?". Journal of Conflict Resolution. 63 (2): 317–347. doi:10.1177/0022002717737138. ISSN 0022-0027. S2CID 44364372. Archived from the original on 2022-02-25. Retrieved 2022-02-25.
  3. ^ Zetter, Kim (3 March 2016). "Inside the cunning, unprecedented hack of Ukraine's power grid". Wired. San Francisco, California, USA. ISSN 1059-1028. Archived from the original on 2021-02-08. Retrieved 2021-02-08.
  4. ^ a b c "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.
  5. ^ Overland, Indra (1 March 2019). "The geopolitics of renewable energy: debunking four emerging myths". Energy Research and Social Science. 49: 36–40. doi:10.1016/j.erss.2018.10.018. hdl:11250/2579292. ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.  
  6. ^ a b Sanger, David E.; Barnes, Julian E. (2021-12-20). "U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-16. Retrieved 2022-01-17.

Further reading

edit
edit