June 15, 2017 (LBO) – Cybersecurity researchers say the 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power was a cyberattack, specifically one using grid-sabotaging malware.
A week before last Christmas, hackers struck an electric transmission station north of the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity.
Researchers have found disturbing evidence that the blackout may have only been a dry run, Wired reports. The hackers appear to have been testing the most evolved specimen of grid-sabotaging malware ever observed.
“This is extremely alarming for the fact that nothing about it is unique to Ukraine,” says Robert M. Lee, the founder of the security firm Dragos and a former intelligence analyst focused on critical infrastructure security.
“They’ve built a platform to be able to do future attacks.”
ESET researchers have since analyzed samples of the malware, which ESET detects as Win32/Industroyer.
WeLiveSecurity says the malware is capable of doing significant harm to electric power systems and could also be refitted to target other types of critical infrastructure.
“Industroyer is a particularly dangerous threat, since it is capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).”
“These switches and circuit breakers are digital equivalents of analogue switches; technically they can be engineered to perform various functions.”