On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm". It is the first publicly acknowledged successful cyberattack on a power grid.
Description
On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (servicing Ivano-Frankivsk Oblast): 30 substations (7 110 kV substations and 23 35 kV substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.
At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (servicing Chernivtsi Oblast) and Kyivoblenergo (servicing Kyiv Oblast), were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.
Vulnerability
In 2019, it was argued that Ukraine was a special case, with unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries. The Ukrainian power grid was built when the country was part of the Soviet Union, has been upgraded with Russian parts and, as of 2022, has still not been fixed. Russian attackers are as familiar with the software as the operators are. Furthermore, the timing of the attack during the holiday season guaranteed that only a skeleton crew of Ukrainian operators was working (as shown in videos).
Method
The cyberattack was complex and consisted of the following steps:
* Prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware
* Taking control of SCADA and remotely switching substations off
* Disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
* Destruction of files stored on servers and workstations with the KillDisk malware
* Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
* Emergency power at the utility company’s operations center was switched off.
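
The remote switching step above is the one a control-centre log can expose quickly: one account opening breakers at many substations from a remote session within minutes. The following is an added example, not part of the original article or of any utility's tooling; the log format, account names, substation ids, window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Hypothetical format:
# ISO timestamp, operator account, session source, substation id, command.
SAMPLE_LOG = """\
2024-01-01T08:00:00 op_c remote SS-06 BREAKER_OPEN
2024-01-01T08:20:00 op_c remote SS-07 BREAKER_OPEN
2024-01-01T08:40:00 op_c remote SS-08 BREAKER_OPEN
2024-01-01T10:00:05 op_a local SS-01 BREAKER_OPEN
2024-01-01T10:00:30 op_a local SS-09 BREAKER_CLOSE
2024-01-01T10:01:00 op_b remote SS-02 BREAKER_OPEN
2024-01-01T10:01:40 op_b remote SS-03 BREAKER_OPEN
2024-01-01T10:02:10 op_b remote SS-02 BREAKER_OPEN
2024-01-01T10:03:30 op_b remote SS-04 BREAKER_OPEN
2024-01-01T10:04:00 op_b remote SS-05 BREAKER_OPEN
"""

def parse(log):
    """Yield (timestamp, user, source, station, command) per log line."""
    for line in log.strip().splitlines():
        ts, user, source, station, cmd = line.split()
        yield datetime.fromisoformat(ts), user, source, station, cmd

def mass_open_alerts(log, window=timedelta(minutes=5), threshold=3):
    """Return {user: (time of alert, substations)} for accounts that open
    breakers at `threshold` or more distinct substations from a remote
    session inside one sliding time window. Input must be time-ordered."""
    recent = defaultdict(list)  # user -> [(ts, station)] still inside the window
    alerts = {}
    for ts, user, source, station, cmd in parse(log):
        if cmd != "BREAKER_OPEN" or source != "remote":
            continue  # local switching and close commands are out of scope
        events = recent[user]
        events.append((ts, station))
        while ts - events[0][0] > window:  # expire events older than the window
            events.pop(0)
        stations = {s for _, s in events}
        # Count distinct substations so a repeated command is not double-counted.
        if len(stations) >= threshold and user not in alerts:
            alerts[user] = (ts, sorted(stations))
    return alerts

if __name__ == "__main__":
    for user, (when, stations) in mass_open_alerts(SAMPLE_LOG).items():
        print(f"{when.isoformat()} ALERT {user} opened breakers at {stations}")
```

Slow remote switching (`op_c`) and local operation (`op_a`) stay below the threshold; only the burst from `op_b` is flagged.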
In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).
See also
* 2016 Kyiv cyberattack, which resulted in another power outage
* Ukrenergo, electricity transmission system operator in Ukraine
* Ukrainian energy crisis, 2024 energy shortage in Ukraine
* 2017 cyberattacks on Ukraine
* Russo-Ukrainian cyberwarfare
* Cyberwarfare by Russia
* Vulkan files leak
External links
* Adi Nae Gamliel (2017-10-6), "Securing Smart Grid and Advanced Metering Infrastructure"
* ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)