
Hundreds of thousands of people in Ukraine were left without electricity after hackers took down three power companies

Jan 5, 2016, 16:21 IST


Hundreds of thousands of homes in Ukraine were left without electricity last week after malware infected the networks of regional power companies, according to Ars Technica.


Researchers from security firm iSIGHT Partners said on Monday that the outage occurred after malware disconnected electrical substations.

The firm added that it had obtained samples of the malicious code from at least three regional power operators. It was this code that supposedly caused "destructive events" that resulted in the blackout, which happened on December 23.

If confirmed, the incident will be the first time hackers have successfully used malware to generate a power outage.

"It's a milestone because we've definitely seen targeted destructive events against energy before - oil firms, for instance - but never the event which causes the blackout," John Hultquist, head of iSIGHT's cyber espionage intelligence practice, told Ars Technica. "It's the major scenario we've all been concerned about for so long."


iSIGHT isn't the only security company analysing the attack.

Researchers at a firm called ESET also confirmed that multiple power companies in Ukraine had been infected with "BlackEnergy," a malware package that was first identified in 2007.

"BlackEnergy malware"

The BlackEnergy package was updated two years ago to make it more effective, and it now has an ability that makes it impossible to reboot infected computers (i.e. it can completely break your machine).

Another cause for concern is the fact that ESET recently discovered the BlackEnergy package has been updated with a component called KillDisk, which has the ability to destroy critical parts of a computer hard drive and sabotage industrial control systems, including those used by power companies. The latest version of BlackEnergy is reported to include a backdoored "Secure Shell Utility" that gives attackers permanent access to infected computers.

ESET was unable to confirm that BlackEnergy was directly responsible for last week's outage. However, in a blog post published on Monday, ESET researchers wrote:


The hackers using BlackEnergy, which iSIGHT has nicknamed the "Sandworm" gang, are thought to be behind a number of other attacks, including one on NATO (the North Atlantic Treaty Organisation), several on Ukrainian and Polish government agencies, and a host of others on the private sector.

Researchers at ESET believe the Ukrainian power authorities may have been infected by Microsoft Office documents that contained "booby-traps" hidden within the macro functions.

"If true, it's distressing that industrial control systems used to supply power to millions of people could be infected using such a simple social-engineering ploy," wrote Ars Technica security editor Dan Goodin in his report. "It's also concerning that malware is now being used to create power failures that can have life-and-death consequences for large numbers of people."

Last week, Reuters reported that Ukrainian authorities were investigating a suspected cyber attack on the country's power grid.

ESET has published technical details about the latest BlackEnergy package here.
