December 2015 Ukraine Power Grid Cyberattack
On 23 December 2015, the power grid in two western oblasts of Ukraine (and, to a lesser extent, Kyiv Oblast) was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1 to 6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm". It is the first publicly acknowledged successful cyberattack on a power grid.


Description

On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised the information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Прикарпаттяобленерго; serving Ivano-Frankivsk Oblast): 30 substations (seven 110 kV and 23 35 kV substations) were switched off, and about 230,000 people were without electricity for between 1 and 6 hours. At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Чернівціобленерго; serving Chernivtsi Oblast) and Kyivoblenergo (Київобленерго; serving Kyiv Oblast), were also affected by the cyberattack, but at a smaller scale. According to representatives of one of the companies, the attacks were conducted from computers with IP addresses allocated to the Russian Federation. Source IP addresses are weak attribution evidence on their own, since attackers routinely route traffic through infrastructure in other countries; the attribution to Sandworm rests on the BlackEnergy tooling that group had already been associated with, rather than on the addresses alone.


Vulnerability

In 2019 it was argued that Ukraine was a special case, combining unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional opportunities for Russian infiltration due to the historical links between the two countries. The Ukrainian power grid was built while the country was part of the Soviet Union, has since been upgraded with Russian parts, and as of 2022 still had not been fixed. Russian attackers are as familiar with the software as the operators are. Furthermore, the timing of the attack during the holiday season meant that only a skeleton crew of Ukrainian operators was working (as shown in videos).


Method

The cyberattack was complex and consisted of the following steps:

* Prior compromise of the corporate networks using spear-phishing emails carrying BlackEnergy malware
* Taking control of the SCADA systems and remotely switching substations off
* Disabling or destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
* Destruction of files stored on servers and workstations with the KillDisk malware
* A denial-of-service attack on the call centre to deny consumers up-to-date information on the blackout
* Switching off the emergency power at the utility company's operations centre

In total, up to 73 MWh of electricity was not supplied (about 0.015% of daily electricity consumption in Ukraine).
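The remote switching of many substations within a short time is the step in the chain above that a utility's own HMI audit trail can catch. The following is an added example, not code from the article or from any of the affected utilities: the log format, the field names, the "console"/"remote" session-origin labels, the alert thresholds and the sample lines are all constructed assumptions for illustration.

```python
"""Added detection sketch (not from the original article): flag breaker
commands issued through a remote session, and bursts of breaker-open
commands across many substations, over constructed HMI audit lines."""
from dataclasses import dataclass
from datetime import datetime

# Constructed sample HMI audit log, one record per line:
# "timestamp,user,session_origin,action,target".
# The layout is an assumption for this example, not a real HMI format.
SAMPLE_LOG = """\
2015-12-23T09:12:00,oper1,console,breaker_close,SS-35-04
2015-12-23T15:31:10,oper2,remote,login,HMI-1
2015-12-23T15:32:05,oper2,remote,breaker_open,SS-110-01
2015-12-23T15:32:40,oper2,remote,breaker_open,SS-35-07
2015-12-23T15:33:02,oper2,remote,breaker_open,SS-35-09
2015-12-23T15:33:55,oper2,remote,breaker_open,SS-110-02
"""

# Actions that change the state of field equipment (assumed vocabulary).
CONTROL_ACTIONS = {"breaker_open", "breaker_close", "firmware_write"}


@dataclass
class Event:
    ts: datetime
    user: str
    origin: str   # "console" (local operator seat) or "remote" (assumed labels)
    action: str
    target: str


def parse_log(text):
    """Parse the constructed CSV-style audit lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, origin, action, target = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), user, origin, action, target))
    return events


def detect(events, window_s=300, min_targets=3):
    """Return alert tuples for two patterns:
    1. any control action issued from a remote session;
    2. breaker_open commands against >= min_targets distinct substations
       within window_s seconds (reported once, at the first command)."""
    alerts = []
    for e in events:
        if e.action in CONTROL_ACTIONS and e.origin == "remote":
            alerts.append(("remote_control_action", e.ts.isoformat(), e.user, e.target))

    opens = [e for e in events if e.action == "breaker_open"]
    for i, first in enumerate(opens):
        targets = {x.target for x in opens[i:]
                   if (x.ts - first.ts).total_seconds() <= window_s}
        if len(targets) >= min_targets:
            alerts.append(("breaker_open_burst", first.ts.isoformat(),
                           first.user, sorted(targets)))
            break
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Operators normally issue breaker commands from the local console, so a control action arriving through a remote session, or many breaker-open commands against distinct substations within a few minutes, is worth an alert; in a real deployment the thresholds and the definition of "remote" would come from the site's own HMI and remote-access logs, not from the constants assumed here.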


See also

* 2016 Kyiv cyberattack, which resulted in another power outage
* Ukrenergo, electricity transmission system operator in Ukraine
* 2017 cyberattacks on Ukraine
* Russian-Ukrainian cyberwarfare
* Cyberwarfare by Russia


External links

* Adi Nae Gamliel (2017-10-06), "Securing Smart Grid and Advanced Metering Infrastructure"
* ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)