Hackers behind Ukraine power cuts, says US report

Image caption: Ukraine has been forced to turn to back-up power sources in recent months following a spate of power cuts.

Hackers were behind an attack that cut power to 225,000 people in Ukraine, a US report has concluded.

The December 2015 incident is thought to be the first known successful hack aimed at utilities.

The report, written by the Department of Homeland Security, is based on interviews with staff at Ukrainian organisations that dealt with the aftermath of the attack.

The DHS report did not name the suspected perpetrators.

Viral signature

It said the attack had several stages and initially involved hackers installing malware on computer systems at power generation firms in Ukraine. This gave the attackers remote access to these computers and allowed them to flip circuit breakers, turning off power to 80,000 customers of western Ukraine's Prykarpattyaoblenergo utility.

While the power was cut, the attackers also bombarded customer service phone lines with fake calls to stop customers reporting the cut.

The report was written by the cyber-emergency response team in the Industrial Control Systems arm of the DHS. Details of the attack were based entirely on interviews as the cyber-response team has not been able to independently review technical evidence, it said.

Although the DHS did not name any group or nation as being responsible for causing the power cuts, others have amassed information that points to a well-known Russian hacker group as the perpetrators.

Last year, US security firm iSight Partners linked the attack to a group known as "Sandworm". It said the attack relied on malware known as BlackEnergy 3 - a strain of viruses that has become known as the "calling card" of the group.

The malware is believed to have been delivered via email using a technique known as "spear phishing". This involves sending key employees carefully crafted messages that use information culled from social media to make them more convincing.
