Hackers cause power outage with malware in Ukraine. Is it an Information warfare act?

Hackers cause power outage with the BlackEnergy malware in Ukraine. Is it an Information warfare act?

Cyber security of ICS e SCADA systems in the critical infrastructure is essential, these components are a privileged target of cyber criminals and state sponsor hackers.

The most popular SCADA attack in the history is the one conducted against control systems in the Iranian nuclear plant in Natanz with the Stuxnet malware.

Stuxnet is considered the first cyber weapon used by the US/Israeli Government to the Iranian nuclear programme.

Other malware were later designed to target systems managed by the company in the energy industry, HavexShamoon and BlackEnergy are some examples of this malware.

A few days ago I have written about the discovery of a new variant of the BlackEnergy malware made by experts at ESET, which provided details of the new campaign that targeted Ukrainian news media and electric industry in 2015.

Now experts at ESET discovered a new component in the BlackEnergy trojan, the KillDisk component, which is capable of destroying some 4000 different file types and rendering machines unbootable.

“ESET has recently discovered that the BlackEnergy trojan was recently used as a backdoor to deliver a destructive KillDisk component in attacks against Ukrainian news media companies and against the electrical power industry. ” states the blog post published by ESET.

p1

The hackers used the highly destructive malware to compromise the systems at three regional power authorities in Ukraine. The attacks caused blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December.

According to a Ukrainian media TSN, the power outage was caused by a destructive malware that disconnected electrical substations.

The Ukraine energy ministry confirmed blackouts and revealed that the Government is investigating on the causes. It seems that a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the major power outage that left half population in the region without electricity.

Experts speculate that the hackers run a spear phishing campaign across the Ukrainian power authorities to spread the destructive variant to the BlackEnergy leveraging on Microsoft Office documents.

The attribution of the attack is not simple, we are only aware that the BlackEnergy malware has a Russian origin and that Russian has a political dispute with the Ukraine that had repercussion also on the cyberspace.

I fear we will assist to other similar attacks in the future, and this is very disturbing.

Pierluigi Paganini

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Information Warfare and What Infosec Needs to Know Interview with Morten Kjaersgaard, CEO of Heimdal Security on How Cybersecurity Businesses are Tackling the Ukraine Crisis Russia’s Invasion of Ukraine Lays Ground for a New Era of Cyberwarfare
January 7, 2016

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X