Hackers Infiltrated Ukrainian Power Grid Months Before Cyber-Attack
Attackers controlled some systems within three Ukrainian power companies' networks for more than six months, a fact only revealed after they cut power to more than 225,000 people in December 2015.
The cyber-attackers that targeted Ukraine's energy distribution infrastructure in December were "highly structured and resourced," taking down more than 27 substations in an attack against Ukrainian power companies, according to a report released by the Electricity Information Sharing and Analysis Center (E-ISAC) on March 21.
Three separate energy companies—known as "oblenergos"—all came under attack on Dec. 23, 2015, blacking out power to 225,000 customers. While the companies restored power within a few hours, destructive programs erased much of the data and slowed power companies' efforts to investigate the incident, similar to previous attacks that had targeted oil-and-gas giants Saudi Aramco and RasGas as well as entertainment firm Sony Pictures, three investigators from cyber-security company SANS Institute stated in the report.
"This is an escalation from past destructive attacks that impacted general-purpose computers and servers," they wrote. "Several lines were crossed in the conduct of these attacks as the targets can be described as solely civilian infrastructure."
The attackers used a variety of common techniques to infiltrate the energy companies' systems, such as spearphishing, malware-laden Microsoft Office documents and a common malware program known as BlackEnergy 3.
However, they also created custom malware that shut down the energy firm's distribution substations. In addition, the attackers targeted the call center for the Ukrainian electricity-distribution firm Kyivoblenergo, making it more difficult for customers to report outages.