Attack On Ukraine's Power Grid Targeted Transmission Stations

Uploaded on 2019-09-25 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Energy

The hackers behind the 2016 Ukraine power cyber-attack had aimed to create conditions to inflict physical damage to the targeted transmission station. A new study by the researchers from the specialist industrial cyber security firm Dragos has recreated the timeline of the attack in an attempt to shed new light on the real motives behind this attack.

In December 2016, Russian hackers planted a malware called "Crash Override" or "Industroyer" in the network of Ukrenergo which is the Ukraine's national grid operator. The malicious programme was then used at around midnight, just two days before Christmas, to trip each single circuit breaker in a power transmission station located close to Kiev, Ukraine's capital. The result was a quick blackout enveloping the most parts of Kiev.

Although Ukrenergo's engineers were able to restore the power back in about an hour, the incident left many unanswered questions for experts, such as, why Russian hackers used a sophisticated malware to trigger just a one-hour blackout in Ukraine?

The Dragos study entitled "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack", attempts to offer potential answers to all such questions.

In this study, researchers re-examined malware's code as well as the network logs of Ukrenergo's systems. They concluded that the hackers had actually aimed to cause physical damage that would have prolonged the blackout to several weeks and possibly also put the lives of on-site operators at risk.

According to the researchers, the hackers first deployed "Crash Override" and used it to trip every single circuit breaker in the grid station, which caused a blackout in Kiev.

Then, about an hour later, they disabled the digital systems of the station to prevent operators from monitoring those systems.
Lastly, hackers exploited a known security bug in station's Siprotec protective relays to disable those equipment, thereby making the station susceptible to dangerously high frequencies of electricity.Protective relays are equipment used to monitor high currents and frequencies at the grid station. Although, Siemens had released a patch in 2015 to fix the vulnerability, many grid stations in Ukraine failed to update their systems in a timely manner. That opened opportunities for hackers to put the device to sleep by just sending an electrical impulse.

Ukraine is not the only country in the world where hackers have constantly tried to target and disrupt the power supply.
In 2013the US said that utility providers were under cyber-attack with one electricity firm reporting 10,000 attempted cyberattacks in a single month.

In June, it was reported that the US had attacked Russian power grids in order to give the US the potentially to conduct cyber-attacks in the event of a major conflict with Russia. 

Near the end of the Report Drago say, ‘Moving forward, electric utility operators must be aware of how adversaries executed this attack and its implications for operations’. 

Dragos:             Computing:    

You Might Also Read: 

US Power Grid Attack – No Harm Done. This Time:

UK Power Outage - The Cyber Effect?:

 

« 5G Needs A New Generation Of Security
Effective Cybersecurity Requires Both Cyber Training & Insurance Cover »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

Melius Cyber Security

Melius Cyber Security

Melius Cyber Security has developed a world-leading SaaS platform, Cyber Safe Plus, built around continuous assessment and improvement through vulnerability scanning and penetration testing

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

RedNode

RedNode

RedNode is a cybersecurity service provider that offers customized security testing solutions to protect any size of business worldwide.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.