Hackers were behind a cyber attack on Ukraine in December that had real offline consequences: A blackout that killed electricity to roughly 700,000 homes.
On December 23, around half the homes in Ukraine's Ivano-Frankivsk region lost power for at least a few hours. The outage was initially reported in Ukrainian media as being caused by hackers, and cybersecurity experts have now confirmed that was the case, saying the power company was infected with malicious software.
"It's certainly not surprising," Joanie Myers, a cybersecurity expert with Strategic Link Partners, told Tech Insider in a phone interview. "If you look at the power grid, it's a set of snapped-in associations ... an attack against one piece of it can cause multiple pieces to fail."
Cybersecurity researchers with iSIGHT Partners obtained the malware — believed to be the "BlackEnergy" trojan virus — and told Ars Technica an attack such as this one against an energy provider was "the major scenario we've all been concerned about for so long."
Ukraine's security service blamed the incident on Russia, though tracing the source of the attack is still an open question.
"In its simplest form, a piece of malware can have an array of capabilities," Myers said. "It can affect the ability of the device to boot. Different types of malware can destroy parts of a hard drive."
Here's how BlackEnergy works, according to an excellent summary from ESET Security:
The cyberattackers sent out emails to their targets using spoofed addresses (those that look like they came from someone else) from Ukrainian parliament members. Inside was a Microsoft Excel attachment enticing the victim to run a macro, a small script embedded in the document. Once it was run, the computer was infected — giving the attacker the ability to control the computer, delete files, or in the case of this attack, make the system unbootable.
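The two indicators in that chain, a sender address that does not match where the mail actually came from and an Excel attachment carrying a macro, are what a mail gateway or an analyst can check for. The script below is an added example, not ESET's or the article's code; the message, the addresses and the attachment are constructed, and it only inspects OOXML workbooks (.xlsm), since the legacy .xls container would need an OLE parser.

```python
"""Triage an inbound mail for a spoofed sender and a macro-bearing Excel attachment."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

MACRO_MARKER = "xl/vbaProject.bin"  # OOXML workbooks store their VBA project here


def sender_mismatch(msg) -> bool:
    """True when the visible From: domain differs from the Return-Path domain."""
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return bool(from_dom) and from_dom != rp_dom


def has_vba_project(blob: bytes) -> bool:
    """An .xlsm/.xlsx file is a zip; a VBA project ships as xl/vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return MACRO_MARKER in zf.namelist()
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> dict:
    """Return the findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"spoofed_sender": sender_mismatch(msg), "macro_attachments": []}
    for part in msg.iter_attachments():
        if has_vba_project(part.get_payload(decode=True)):
            findings["macro_attachments"].append(part.get_filename())
    return findings


def build_sample() -> bytes:
    """Constructed message: spoofed From: plus a minimal zip posing as a macro workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(MACRO_MARKER, b"placeholder bytes, not a real VBA project")
    msg = EmailMessage()
    msg["From"] = "deputy@rada.example"              # hypothetical spoofed parliament address
    msg["Return-Path"] = "<bounce@mailer.example>"   # hypothetical actual origin
    msg["To"] = "ops@utility.example"
    msg["Subject"] = "Schedule"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="schedule.xlsm")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```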
Though this is the first time hackers have managed to cut electricity using online methods, there have been other cyber attacks on physical infrastructure. A US-created virus called "Stuxnet" wreaked havoc on Iranian nuclear sites in 2009, while a hack on a German steel mill in 2014 caused "massive damage."