Attack On Ukraine's Power Grid Targeted Transmission Stations

The hackers behind the 2016 cyber-attack on Ukraine's power grid had aimed to create conditions that would inflict physical damage on the targeted transmission station. A new study by researchers from the specialist industrial cyber security firm Dragos has recreated the timeline of the attack in an attempt to shed new light on the real motives behind it.

In December 2016, Russian hackers planted malware called "Crash Override" or "Industroyer" in the network of Ukrenergo, Ukraine's national grid operator. The malicious programme was then used at around midnight, just two days before Christmas, to trip every circuit breaker in a power transmission station located close to Kiev, Ukraine's capital. The result was a quick blackout enveloping most parts of Kiev.

Although Ukrenergo's engineers were able to restore power in about an hour, the incident left experts with many unanswered questions, such as why Russian hackers used sophisticated malware to trigger just a one-hour blackout in Ukraine.

The Dragos study, entitled "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack", attempts to offer potential answers to all such questions.

In this study, the researchers re-examined the malware's code as well as the network logs of Ukrenergo's systems. They concluded that the hackers had actually aimed to cause physical damage that would have prolonged the blackout to several weeks and possibly also put the lives of on-site operators at risk.

According to the researchers, the hackers first deployed "Crash Override" and used it to trip every single circuit breaker in the grid station, which caused a blackout in Kiev.

Then, about an hour later, they disabled the digital systems of the station to prevent operators from monitoring those systems.
Lastly, the hackers exploited a known security bug in the station's Siprotec protective relays to disable that equipment, thereby making the station susceptible to dangerously high frequencies of electricity. Protective relays are equipment used to monitor high currents and frequencies at the grid station. Although Siemens had released a patch in 2015 to fix the vulnerability, many grid stations in Ukraine failed to update their systems in a timely manner. That opened opportunities for hackers to put the device to sleep by just sending an electrical impulse.

Ukraine is not the only country in the world where hackers have constantly tried to target and disrupt the power supply.
In 2013, the US said that utility providers were under cyber-attack, with one electricity firm reporting 10,000 attempted cyberattacks in a single month.

In June, it was reported that the US had attacked Russian power grids in order to give the US the potential to conduct cyber-attacks in the event of a major conflict with Russia.

Near the end of the report, Dragos says, ‘Moving forward, electric utility operators must be aware of how adversaries executed this attack and its implications for operations’.

Dragos:             Computing:    
