Ukraine utility cyberattack wider than reported


  • Tuesday, 05 Jan 2016

Electric shock: Experts have warned that electric utilities are vulnerable to cyberattacks that could cut power.

A central European security software firm said that a cyberattack last month in Ukraine was broader than initially reported last week when the nation's secret police blamed a power outage on Russia.

Western Ukraine power company Prykarpattyaoblenergo reported an outage on Dec 23, saying the area affected included regional capital Ivano-Frankivsk. Ukraine's SBU state security service responded by blaming Russia, and the energy ministry in Kiev set up a commission to investigate the matter.

While Prykarpattyaoblenergo was the only Ukraine electric firm that reported an outage, similar malware was found in the networks of at least two other utilities, said Robert Lipovsky, senior malware researcher at Bratislava-based security company ESET. He said they were ESET customers, but declined to name them or elaborate.

"The reported case was not an isolated incident," he said.

Prykarpattyaoblenergo publicly blamed its outage on "interference" in the working of its system. The Kremlin did not respond to a request for comment.

Researchers with computer security firms Trend Micro and iSight Partners said ESET's assessment that the attackers sought to infect other utilities appeared credible, shedding new light on evidence that this is the first power outage proven to have been caused by a cyberattack. Experts have warned for years, with growing urgency, that electric utilities are vulnerable to cyberattacks that could cut power.

"This is the first time we have proof and can tie malware to a particular outage," said Trend Micro senior researcher Kyle Wilhoit. "It is pretty scary."

Cyber firm iSight Partners said that ESET's report of multiple attacks is consistent with its own analysis.

"There is pretty strong consensus that there was a blackout caused by a computer network attack," said iSight's director of cyber espionage analysis, John Hultquist.

Experts with ESET, iSight and Trend Micro told Reuters the attackers used a malicious software platform known as "BlackEnergy" to access utility networks, planting a related piece of malware, "KillDisk," on targeted systems.

KillDisk can delete or overwrite data files.

Researchers say they have yet to determine whether KillDisk's job was to knock out power or simply conceal the attack.

Cyber criminals have been using versions of BlackEnergy since 2007. Over the past two years, there have been widespread reports that a Moscow-backed group, Sandworm, was using it for targeted attacks. — Reuters
