U.S. assisting Ukraine investigate 23 December cyberattack on power grid
The United States is helping Ukraine investigate last month’s cyberattack, which disrupted the country’s power grid and left some 80,000 customers without power. Experts say that the 23 December attack against western Ukraine’s Prykarpattyaoblenergo utility was the first known power outage caused by a cyberattack.

CNBC reports that experts say that the 23 December attack against western Ukraine’s Prykarpattyaoblenergo utility was the first known power outage caused by a cyberattack. Ukraine’s SBU state security service has blamed Russia for the incident. U.S. cyber firm iSight Partners linked it to a Russian hacking group known as “Sandworm” (see this blog post on iSight’s Web site: “Sandworm Team and the Ukrainian Power Authority Attacks”).
DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) circulated an e-mail alert on Tuesday, saying that malicious software found in the utility’s network had been analyzed and identified as BlackEnergy 3, a variant of malware that the agency previously said had infected some U.S. critical infrastructure operators in 2014.
CNBC notes that in its December 2014 report of an earlier-version BlackEnergy 3 infection, DHS said it did not know of any cases in which BlackEnergy caused physical disruption to U.S. power systems.
A DHS official said on Tuesday that government investigators have not confirmed whether the BlackEnergy malware caused the Ukraine incident.
“At this time there is no definitive evidence linking the power outage in Ukraine with the presence of the malware,” said the official, who spoke on the condition of anonymity.
Yesterday’s ICS-CERT alert noted that the attackers have spread the BlackEnergy malware in Ukraine through a phishing campaign which used a malicious Microsoft Word e-mail attachment.
Tuesday’s alert was the first U.S. government public comment on the Ukraine power outage. ICS-CERT will provide additional technical data on a confidential government portal (1.usa.gov/1Fbc9mQ).
Experts attending the S4 ICS Security conference on securing critical infrastructure from cyberattacks, which is being held this week in Miami, Florida, said they want to know more about the incident in Ukraine.
Michael Toecker, a consulting engineer who advises utilities on grid security, told CNBC that some clients are asking, “What do we need to do to make sure this doesn’t happen to us?”