Hackers used malware to confuse utility in Ukraine outage - report


(Reuters) - Hackers likely caused a Dec. 23 electricity outage in Ukraine by remotely switching breakers to cut power, after installing malware to prevent technicians from detecting the attack, according to a report analysing how the incident unfolded.

The report from Washington-based SANS ICS was released late on Saturday, providing the first detailed analysis of what caused a six-hour outage for some 80,000 customers of Western Ukraine's Prykarpattyaoblenergo utility.

SANS ICS, which advises infrastructure operators on combating cyber attacks, also said the attackers crippled the utility's customer-service centre by flooding it with phone calls to prevent customers from alerting the utility that power was down.

"This was a multi-pronged attack against multiple facilities. It was highly coordinated with very professional logistics," said Robert Lee, a former U.S. Air Force cyber warfare operations officer who helped compile the report for SANS ICS. "They sort of blinded them in every way possible."

Experts widely describe the incident as the first known power outage caused by a cyber attack. Ukraine's SBU state security service blamed Russia, and U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as "Sandworm."

Ukraine's energy ministry has said it will hold off on discussing the matter until after Jan. 18, following completion of a formal probe into the matter.

The utility's operators were able to quickly recover by switching to manual operations, essentially disconnecting infected workstations and servers from the grid, according to the report.

SANS ICS said on its blog (https://ics.sans.org/blog) it had "high confidence" in its findings, which were based on discussions and analysis from "multiple international community members and companies". The report's authors declined to identify those sources.

U.S. critical infrastructure security expert Joe Weiss said he believed the report's findings would be validated. "They did a phenomenal job," he said.

There is strong interest in the outage because of concerns that similar techniques could be used to launch more attacks on power operators around the globe.

"What is now true is that a coordinated cyber attack consisting of multiple elements is one of the expected hazards (electric utilities) may face," SANS ICS Director Michael Assante said in a blog.

"We need to learn and prepare ourselves to detect, respond, and restore from such events in the future," said Assante, former chief security officer of the quasi-governmental North American Electric Reliability Corp.

(Reporting by Jim Finkle in Boston; Editing by James Dalgleish)
