Hackers in Ukraine recently managed to leave a region of the country without electricity, in what appears to be the first time a cyber-attack has resulted in a power outage.
According to multiple media reports, half of the homes in the Ivano-Frankivsk region in Ukraine were left in the dark on December 23, after hackers used the BlackEnergy Trojan to activate malware called “KillDisk”.
The industrial control systems (ICS) team of the SANS Institute says it was a well-prepared and coordinated attack: “We assess with high confidence based on company statements, media reports, and first-hand analysis that the incident was due to a co-ordinated intentional attack,” wrote Michael Assante, SANS ICS director.
KillDisk works by overwriting key executable files within industrial control systems, which can not only lead to power outages but also slow down the restoration process.
The fun part is that, according to researchers, KillDisk itself did not cause the Ukraine outage – it was just part of a greater scheme, which also included direct interaction from the attackers.
Apparently, the attackers also managed to block all communication between customers and the system control, so that they wouldn’t even find out about the outage.
Multiple power companies were attacked, including Prykarpattyaoblenergo and Kyivoblenergo, with the attack on the latter resulting in a power outage for 80,000 homes. The homes were without electricity for between three and six hours.
“What is now true is that a coordinated cyber attack consisting of multiple elements is one of the expected hazards they may face. We need to learn and prepare ourselves to detect, respond, and restore from such events in the future,” the report concludes.