Hackers suspected of causing power outage in Ukraine

This weekend houses and businesses in parts in the northern part of Kiev were plunged into darkness after the electricity supply was unexpectedly cut off.

Authorities are investigating whether the unexpected power outage in Ukraine’s capital could be the latest in a series of hacking attacks which have struck the country’s electric grid and financial infrastructure in the last year.

Although the reason for the outage is not yet confirmed, investigators have said that the leading theory is that the energy grid was struck by a hacking attack, perhaps similar to the one which managed to shut down the power grid in December 2015.

The impacted energy company, Kyivenergo, confirmed that the power outage was unplanned and that it had taken action to restore electricity to its customers. Indeed, it sounds like Kyivenergo did a good job – recovering from the power blackout and restoring energy to households and companies in little more than an hour after the incident.

In a Facebook post, Vsevolod Kovalchuk of Kyivenergo pointed the finger of blame for the outage on “external interference through data network”:

“Don’t blame Kyivenergo. This time they have no guilt.”

Kovalchuk told Reuters that the outage was considerable, amounting to 200 megawatts of capacity, equivalent to about a fifth of the capital’s night-time energy consumption.

“That is a lot. This kind of blackout is very, very rare.”

Infamously, just before Christmas 2015, power companies in Ukraine were targeted by a malware attack that is widely thought to have contributed to the energy blackouts.

The malware attack, known as BlackEnergy, was spread via boobytrapped Word documents and tricked recipients via social engineering into enabling macros to activate the malicious payload.

With attackers actively using techniques like this against their targets it’s no surprise that many organisations are now choosing to permanently disable macros in Microsoft Word.

The hack attacks against Ukraine’s infrastructure didn’t stop there, with another attack following hot on the heels in January 2016, this time using a poisoned XLS spreadsheet to install a backdoor on the country’s power industry networks.

As well as attacks on its energy structure, Ukraine’s government websites have suffered a series of internet attacks designed to disrupt their operation and prevent users from accessing their services.

As recently as last week, Ukrainian officials were blaming the website DDoS attacks on pro-Russian separatists, attempting to prevent the government from keeping the public informed and causing delays in payments.

It’s too early to say for certain whether the Kiev power outage was the work of hackers, or indeed where those hackers might have been based or who might have been sponsoring them. It’s easy to name likely culprits but much much more difficult to reliably attribute with absolute authority who might have been responsible.

Nonetheless, if Ukraine’s power grid was again assaulted by hackers it wouldn’t take a huge leap in logic to determine which country might have a vested interest in causing the disruption.

With luck, more details of precisely what occurred this weekend to Ukraine’s power grid will be made public in the fullness of time.

In the meantime, anyone responsible for the security of industrial control systems and national infrastructure should think long and hard about whether they have done enough to protect their networks, and what can be done to further reduce the opportunities for external hackers to attack.