The recent power outages in Ukraine, which left upwards of 80,000 people without electricity, are now said to have been caused by hackers. The BlackEnergy malware is thought to have been used in the attack, with a coordinated effort made to shut down the power, hinder its repair and reduce the ability of customers to report the fault.
Although it has been suggested that infected Microsoft Office documents may have been used to infect relevant systems, there is no proof that such an avenue was used for the attack. However, with large-scale hacks the simplest vectors can often be used to gain an initial foothold. Phishing emails are a fairly common tactic for getting that digital foot in the door.
As detailed by the SANS industrial control systems team, the attack is said to have involved hacking into power-company systems, before using that access to open circuit breakers and cut the power. Widespread deletions were then used to hinder attempts at restoring power to those affected and (as per Ars) DDoS tactics were then used to make it hard for people to report the problem.
While there are still many details left to discover about the attack, it has now been confirmed as a nefarious action by outside actors. Whether it was caused by someone looking to gain financially or politically from the outage remains to be seen. No one has yet come forward to admit to the attack.
However, the creators of the BlackEnergy malware are known to be a Russian hacking group, so they are the prime suspects at this time.
KitGuru Says: As with our policy of not naming hacking groups that disrupt major services, we won’t be naming the suspected group in this instance.