Tens of thousands of homes in Western Ukraine were left without power last week after a strain of malicious software infiltrated the computer networks of at least three power companies, cybersecurity researchers said Monday. The disclosure comes after speculation that Russian hackers, not traditional infrastructure flaws, were responsible for disconnecting Ukrainians from the electrical grid.
The failure occurred on December 23, leaving half of the populated Ivano-Frankivsk region in the dark, and has prompted a Ukrainian investigation into a possible cyberattack. Researchers at the security company iSight Partners took that investigation one step further, saying malware caused “destructive events” which then led to a blackout. If true, it would be the first time malware was the confirmed cause of a widespread electricity failure.
“It's a milestone because we've definitely seen targeted destructive events against energy before – oil firms, for instance – but never the event which causes the blackout,” John Hultquist, chief of iSight's cyberespionage group, told Ars Technica Monday. “It's the major scenario we've all been concerned about for so long.”
SBU, Ukraine's state security service, has publicly blamed Russia for the attack, and the energy ministry in Kiev has organized a commission meant to determine what transpired, Reuters reported. The Kremlin has yet to comment on the accusation. Researchers say it's too early to definitively tell who is behind the attack, but caution that if the Russian government is found responsible, it may have pioneered a new method of attack.
“Once there is a precedent, that would open up avenues for states to feel comfortable in going that route,” Robert Lee, a former U.S. Air Force cyberwarfare operations officer and CEO of Dragos Security, told Reuters.