On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".[1] It is the first publicly acknowledged successful cyberattack on a power grid.[2]
Description
On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised the information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Ukrainian: Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations (seven 110 kV substations and 23 35 kV substations) were switched off, and about 230,000 people were without electricity for a period of 1 to 6 hours.[3]
At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Ukrainian: Чернівціобленерго; servicing Chernivtsi Oblast) and Kyivoblenergo (Ukrainian: Київобленерго; servicing Kyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.[4]
Vulnerability
In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.[5] The Ukrainian power grid was built when Ukraine was part of the Soviet Union, has since been upgraded with Russian parts, and (as of 2022) had still not been fixed.[clarification needed] Russian attackers are as familiar with the grid's software as its operators are. Furthermore, the timing of the attack during the holiday season ensured that only a skeleton crew of Ukrainian operators was working (as shown in videos).[6]
Method
The cyberattack was complex and consisted of the following steps:[4]
- Prior compromise of corporate networks using spear-phishing emails carrying BlackEnergy malware
- Seizing control of SCADA systems and remotely switching substations off
- Disabling or destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, network switches)
- Destruction of files stored on servers and workstations with the KillDisk malware
- Denial-of-service attack on the call center to deny consumers up-to-date information about the blackout
- Switching off the emergency power at the utility company's operations center[6]
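The SCADA step above (remote switching of many substations by a skeleton crew's accounts) is the phase a utility's monitoring is best placed to catch. The following is an added example, not code from the article or from any of the utilities involved: it parses a constructed, hypothetical SCADA command-audit log (the five-field line format, the account names, the substation ids and the `local`/`vpn` origin tags are all assumptions made for the example) and raises an alert when breaker-open commands reach an unusual number of distinct substations within a short window, reporting how many of those commands came from remote sessions.

```python
from datetime import datetime, timedelta

# Constructed sample of a SCADA command-audit log. The format
# (timestamp, operator account, session origin, substation, command)
# is hypothetical and the lines are made up for this example; they do
# not come from any real utility or from the article.
SAMPLE_LOG = """\
2015-12-23T15:20:05 op_ivanenko local SUB-07 READ_STATUS
2015-12-23T15:31:12 op_ivanenko local SUB-07 OPEN_BREAKER
2015-12-23T15:35:02 op_ivanenko vpn SUB-01 OPEN_BREAKER
2015-12-23T15:35:09 op_ivanenko vpn SUB-02 OPEN_BREAKER
2015-12-23T15:35:15 op_ivanenko vpn SUB-03 OPEN_BREAKER
2015-12-23T15:35:21 op_ivanenko vpn SUB-04 OPEN_BREAKER
2015-12-23T15:35:30 op_ivanenko vpn SUB-05 OPEN_BREAKER
2015-12-23T15:35:41 op_ivanenko vpn SUB-06 OPEN_BREAKER
2015-12-23T16:10:00 op_petrenko local SUB-09 READ_STATUS
"""

# Commands that change the physical state of the grid (assumed names).
CONTROL_COMMANDS = {"OPEN_BREAKER", "CLOSE_BREAKER"}


def parse_log(text):
    """Parse the constructed audit format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, origin, substation, command = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "origin": origin,
            "substation": substation,
            "command": command,
        })
    return events


def remote_control_commands(events):
    """Control commands issued from any session that is not local to the control room."""
    return [e for e in events
            if e["command"] in CONTROL_COMMANDS and e["origin"] != "local"]


def detect_mass_breaker_open(events, window=timedelta(minutes=10), threshold=5):
    """Alert when OPEN_BREAKER commands reach >= threshold distinct substations
    inside any rolling window. Each burst produces one alert; the window then
    advances past the burst so the same commands are not reported twice."""
    opens = sorted((e for e in events if e["command"] == "OPEN_BREAKER"),
                   key=lambda e: e["ts"])
    alerts = []
    i = 0
    while i < len(opens):
        start = opens[i]
        burst = [e for e in opens[i:] if e["ts"] - start["ts"] <= window]
        substations = {e["substation"] for e in burst}
        if len(substations) >= threshold:
            alerts.append({
                "start": start["ts"].isoformat(),
                "distinct_substations": len(substations),
                "remote_commands": sum(1 for e in burst if e["origin"] != "local"),
                "accounts": sorted({e["user"] for e in burst}),
            })
            i += len(burst)  # skip the rest of this burst
        else:
            i += 1
    return alerts


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for alert in detect_mass_breaker_open(evts):
        print("ALERT mass breaker-open:", alert)
    print("remote control commands:", len(remote_control_commands(evts)))
```

The thresholds are deliberately simple; in practice they would be tuned to the utility's normal switching volume, and the `remote_commands` count matters because a legitimate operator test (the single local command in the sample) and a remote takeover of the same account look identical at the SCADA layer until session origin is taken into account.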
In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).[4]
See also
- 2016 Kyiv cyberattack, which resulted in another power outage
- Ukrenergo, electricity transmission system operator in Ukraine
- Ukrainian energy crisis, 2024 energy shortage in Ukraine
- 2017 cyberattacks on Ukraine
- Russo-Ukrainian cyberwarfare
- Cyberwarfare by Russia
- Vulkan files leak
References
- Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.
- Kostyuk, Nadiya; Zhukov, Yuri M. (2019-02-01). "Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?". Journal of Conflict Resolution. 63 (2): 317–347. doi:10.1177/0022002717737138. ISSN 0022-0027. S2CID 44364372. Archived from the original on 2022-02-25. Retrieved 2022-02-25.
- Zetter, Kim (3 March 2016). "Inside the cunning, unprecedented hack of Ukraine's power grid". Wired. San Francisco, California, USA. ISSN 1059-1028. Archived from the original on 2021-02-08. Retrieved 2021-02-08.
- "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж" [The Ministry of Energy and Coal Industry intends to form a group with representatives of all energy companies under the Ministry's management to study ways of preventing unauthorised interference in the operation of power grids]. mpe.kmu.gov.ua. Ministry of Energy and Coal Industry of Ukraine. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.
- Overland, Indra (1 March 2019). "The geopolitics of renewable energy: debunking four emerging myths". Energy Research and Social Science. 49: 36–40. doi:10.1016/j.erss.2018.10.018. hdl:11250/2579292. ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.
- Sanger, David E.; Barnes, Julian E. (2021-12-20). "U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-16. Retrieved 2022-01-17.
Further reading
- Robert M. Lee; Michael J. Assante; Tim Conway (18 March 2016). Analysis of the Cyber Attack on the Ukrainian Power Grid. Defense Use Case (PDF). E-ISAC.
- Nate Beach-Westmoreland; Jake Styczynski; Scott Stables (November 2016). When The Lights Went Out (PDF). Booz Allen Hamilton.
External links
- Adi Nae Gamliel (2017-10-06). "Securing Smart Grid and Advanced Metering Infrastructure".
- Andy Greenberg (2017-06-20). "How An Entire Nation Became Russia's Test Lab for Cyberwar". Wired.
- Kim Zetter (2016-03-03). "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.
- Kim Zetter (2016-01-20). "Everything We Know About Ukraine's Power Plant Hack". Wired.
- John Hultquist (2016-01-07). "Sandworm Team and the Ukrainian Power Authority Attacks". FireEye.
- ICS-CERT, Advisory ICSA-16-336-02: https://www.cisa.gov/uscert/ics/advisories/ICSA-16-336-02
- ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)