Russia Main Suspect In Ukraine Energy Grid Hack

Ukraine has been unofficially at war with Russia for almost two years now, ever since Russian President Vladimir Putin sent his “little green men” into Crimea in the spring of 2014. Although the two countries never officially declared war, Russia and its “Ukrainian rebel” proxies invaded and annexed both Crimea and much of Eastern Ukraine over the next year or so. Fierce resistance and international support, however, enabled Ukraine’s outgunned military to hold off further advances from the Russian-supported rebels, and the situation has devolved into a quasi-ceasefire stalemate.

Political analysts highlight that this kind of “frozen conflict” between Ukraine and Russia is very likely what Putin was trying to accomplish with his invasion of a former ally who was trying to turn towards the West. Moreover, Putin’s “Grey War” against Ukraine was not limited to just military intervention. According to cybersecurity experts, the Russians have also been waging a covert cyberwar against the Ukrainians, and were probably responsible for the recent Ukraine energy grid hack that left almost a quarter of the country without power for an extended period of time.

Details on Ukraine power grid hack blamed on Russia

A huge chunk of Ukraine suffered a power outage on December 23rd. Prykarpattya Oblenergo, a power distributor with 538,000 customers, noted that 27 of its substations were somehow taken offline. That led to 103 communities being “completely blacked out,” and another 186 towns and cities seeing limited power blackouts.

Most curiously, Ukrainian customers were unable to report the blackout after it happened. Somehow the call centers at Prykarpattya Oblenergo and another energy provider were simultaneously being blocked with DDoS attacks.

The energy distributor then made the call to move back to manual controls and sent engineering teams to manually turn switches back “on” at the various localities. The situation was back under control within six hours. However, several weeks later it’s still not clear exactly what happened to cause the Ukraine power outage.

In a statement, Prykarpattya Oblenergo said there had been “a hacker attack” on its IT systems and that the attackers had managed to access the controls for the management of electricity.

When technical staff attempted to turn the power back “on” after the blackout on December 23rd, they found that a virus had damaged the systems used to monitor equipment, according to a report from the SANS Institute, which has analyzed the malware.

The U.S. Department of Homeland Security has been asked to collaborate with Ukrainian investigators. The current theory is that an employee at the power firm opened a Microsoft Word document loaded with malware.

Officials at the DHS spoke to CNNMoney and said that Ukrainian computers had been infected with a new version of a known Russian malware named BlackEnergy 3.

According to the CNNMoney report, a number of investigators have now confirmed that the entire Ukraine energy grid hack was coordinated and designed to make the blackout last longer.

“A remote adversary was flooding the call center,” explained cybersecurity expert Robert M. Lee in a recent talk at the S4X16 cybersecurity conference in Miami Beach.

“It was a very deliberate… dialing of thousands of phone calls to deny access to… customers calling in and reporting the outage,” he continued.

Security experts emphasize that this recent Ukraine energy grid attack should be a wake-up call for U.S. and European power distribution firms. In fact, the DHS has already circulated warnings that BlackEnergy malware has infected many industrial control systems that serve key roles in U.S. infrastructure. The experts also warn that the American and most European energy grids are much more automated than Ukraine’s, meaning a cyberattack could be much more difficult to stop and to repair afterwards.