Cyberattack that crippled Ukrainian power grid was highly coordinated - Action News

Cyberattack that crippled Ukrainian power grid was highly coordinated

Security investigators say they've figured out how hackers likely caused a Dec. 23 electricity outage in Ukraine that left 80,000 people without power for six hours, the first known power outage ever caused by a cyberattack.

1st power outage caused by cyberattack suggests similar attacks possible around the globe

Hackers likely caused a Dec. 23 electricity outage in Ukraine by remotely switching breakers to cut power, after installing malware to prevent technicians from detecting the attack, according to a report analyzing how the incident unfolded.

The report from Washington-based SANS ICS was released late on Saturday, providing the first detailed analysis of what caused a six-hour outage for some 80,000 customers of Western Ukraine's Prykarpattyaoblenergo utility.

SANS ICS, which advises infrastructure operators on combating cyberattacks, also said the attackers crippled the utility's customer-service center by flooding it with phone calls to prevent customers from alerting the utility that power was down.

"This was a multi-pronged attack against multiple facilities. It was highly coordinated with very professional logistics," said Robert Lee, a former U.S. Air Force cyber warfare operations officer who helped compile the report for SANS ICS. "They sort of blinded them in every way possible."

Russian hacking group blamed

Experts widely describe the incident as the first known power outage caused by a cyberattack. Ukraine's SBU state security service blamed Russia, and U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as "Sandworm."

A worker repairs a high voltage power line in the Ukraine in 2014. (Gleb Garanich/Reuters)

Ukraine's energy ministry has said it will hold off on discussing the matter until after Jan. 18, following completion of a formal probe into the matter.

The utility's operators were able to quickly recover by switching to manual operations, essentially disconnecting infected workstations and servers from the grid, according to the report.

SANS ICS said on its blog it had "high confidence" in its findings, which were based on discussions and analysis from "multiple international community members and companies."

The report's authors declined to identify those sources.

U.S. critical infrastructure security expert Joe Weiss said he believed the report's findings would be validated. "They did a phenomenal job," he said.

There is strong interest in the outage because of concerns that similar techniques could be used to launch more attacks on power operators around the globe.

"What is now true is that a coordinated cyber attack consisting of multiple elements is one of the expected hazards (electric utilities) may face," SANS ICS Director Michael Assante said in a blog.

"We need to learn and prepare ourselves to detect, respond, and restore from such events in the future," said Assante, former chief security officer of the quasi-governmental North American Electric Reliability Corp.