Wednesday, December 21, 2016

Hackers Suspected of Causing Second Power Outage in Ukraine


The same group of hackers that caused the

power outage across several regions

in Ukraine last Christmas holidays might have once again shut down power supply in northern Ukraine during the weekend.

According to Ukrainian energy provider Ukrenergo, a cyber attack on Kyiv's power grid may have caused the power outages in the country on Saturday, December 17, near midnight.

The blackout affected the northern part of Kiev, the country's capital, and surrounding areas, Ukrenergo Director

Vsevolod Kovalchuk explained

in a post on Facebook.

Shortly after the incident, Ukrenergo engineers switched to manual mode and started restoring power in approximately 30 minutes in an effort to deal with the cyber attack. Power was fully restored after just an hour and fifteen minutes of the blackout.

According to Kovalchuk, the one responsible for the weekend outage could be an

"external interference through data network,"

however, the company's cybersecurity experts are investigating the incident and will provide more information soon.

Although the reason for the outage is not yet confirmed, authorities believe that the unexpected power outage could be the latest in the series of cyber attacks that managed to strike the Ukrainian electric grid and financial infrastructure in December 2015.

The 2015 energy blackouts were caused with the help of a malware attack, known as

BlackEnergy

, which was distributed through boobytrapped Word documents and tricked recipients into enabling macros to activate the malicious payload.

Last year, the Ukraine's state security service SBU blamed Russia for causing outages by planting malware on the networks of several regional energy companies.

Also, the United States Cyber firm iSight Partners identified the perpetrator as a Russian group of hackers known as "

Sandworm

."

While security experts have found no hard evidence that links these attacks on Ukrainian energy grid to Russia, they believe that the attackers appear to be a nation state with significant resources.

SCADA system has always been an attractive target for cybercrooks, given the success of

Stuxnet malware

that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and "

Havex

" that previously targeted organizations in the energy sector.



from The Hacker News http://ift.tt/2h8Z2Bx

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.