December 2015 Ukraine power grid cyberattack

The December 2015 Ukraine power grid cyberattack took place on 23 December 2015 and is considered to be the first known successful cyberattack on a power grid. Hackers were able to successfully compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt electricity supply to the end consumers.

Most affected were consumers of «Prykarpattyaoblenergo» (Ukrainian: Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations were switched off, and about 230 thousand people were left without electricity for a period from 1 to 6 hours.[1]

At the same time consumers of two other energy distribution companies, «Chernivtsioblenergo» (Ukrainian: Чернівціобленерго; servicing Chernivtsi Oblast) and «Kyivoblenergo» (Ukrainian: Київобленерго; servicing Kyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.[2]

Description

The cyberattack was complex and consisted of the following steps:[2]

  • prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware;
  • seizing SCADA under control, remotely switching substations off;
  • disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators);
  • destruction of files stored on servers and workstations with the KillDisk malware;
  • denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in the Ukraine).[2]

Cyber attacks on the energy distribution companies took place during an ongoing Russian-Ukrainian war and is attributed to a Russian advanced persistent threat group known as "Sandworm".[3]

See also

References

  1. Kim Zetter (2016-03-03). "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.
  2. 1 2 3 "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". Міністерство енергетики та вугільної промисловості України. 2016-02-12.
  3. Jim Finkle (2016-01-07). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters.

Further reading

  • Robert M. Lee; Michael J. Assante; Tim Conway (18 March 2016). Analysis of the Cyber Attack on the Ukrainian Power Grid. Defense Use Case (PDF). E-ISAC.
  • Nate Beach-Westmoreland; Jake Styczynski; Scott Stables (November 2016). When The Lights Went Out (PDF). Booz Allen Hamilton.
  • Adi Nae Gamliel (2017-10-6) "Securing Smart Grid and Advanced Metering Infrastructure".
  • Andy Greenberg (2017-06-20). "How An Entire Nation Became Russia's Test Lab for Cyberwar". Wired.
  • Kim Zetter (2016-03-03). "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.
  • Kim Zetter (2016-01-20). "Everything We Know About Ukraine's Power Plant Hack". Wired.
  • John Hulquist (2016-01-07). "Sandworm Team and the Ukrainian Power Authority Attacks". FireEye.
  • ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.