Ukraine blackout is a cyberattack milestone

Hundreds of thousands of homes were left in the dark in what security experts say was a first for hackers with ill intent.

Katie Collins Senior European Correspondent

Malware is thought to be at fault for plunging hundreds of thousands of Ukrainian homes into darkness.

Sergii Kharchenko/NurPhoto/Corbis

Some cyberattacks are about stealing data, some about monkeying with someone else's machines. This one left innocent bystanders in the dark.

A massive power outage in Ukraine last month has been attributed to hackers targeting the electricity grid with malware. Security researchers say it is the first known instance of a blackout being credibly linked to the actions of malicious hackers.

Security firm iSight Partners claimed Monday that it has obtained malicious code used to execute a temporary takedown of three power substations on the Ukrainian national grid, according to Ars Technica. Hundreds of thousands of homes in the Ivano-Frankivsk region of the country were left without electricity as a result of the attack on December 23.

Attacks on energy sources are fairly commonplace, but have never before caused a blackout, John Hultquist, iSight's head of cyberespionage intelligence practice, told Ars. That makes it a milestone, he said. "It's the major scenario we've all been concerned about for so long."

For several years now, lawmakers and security experts have openly worried about the potential for cyberattacks that could cripple essential public systems, including power and water utilities, transportation systems and communications networks. In November, UK Chancellor George Osborne spoke of fears that terrorist groups such as ISIS could use cyberattacks to deadly effect.

Power grids are an obvious target for hackers who want to impact a large number of people, especially in a world grown dependent on a vast array of electronic gadgets. Until now, hacker-caused blackouts have been more threat than reality. In spite of the daily attempts to penetrate power grids in the US, many providers say the majority of incidents don't even register as "reportable."

As for who might be responsible for the attack, Ukraine has already pointed the finger. Last week the country's energy ministry said the Ukrainian secret service blamed Russia. A special commission is being set up to investigate, Reuters reported. Tensions have been running high between the two countries since 2014, exacerbated by Russian military intervention in the region.

Researchers from security firm ESET believe the outage was caused by malware known as BlackEnergy, a trojan that has been used in previous attacks by Russia against government-related targets in Ukraine. "We can assume with a fairly high amount of certainty that the described toolset was used to cause the power outage in the Ivano-Frankivsk region," said researchers in a blog post outlining how the attack was likely executed.

With analyses of the malware extracts ongoing, it may be too early to say definitively where the attack originated. Former US Air Force cyber warfare operations officer and CEO of Dragos Security Robert M. Lee said in a blog post that there is not enough evidence yet to reach a conclusive answer on whether BlackEnergy was used in the attack. But if it was, he added, it would add credibility to Ukraine's report that the attack was conducted by Russian security services.