Attack On Ukraine's Power Grid Targeted Transmission Stations

The hackers behind the 2016 Ukraine power cyber-attack had aimed to create conditions to inflict physical damage to the targeted transmission station. A new study by the researchers from the specialist industrial cyber security firm Dragos has recreated the timeline of the attack in an attempt to shed new light on the real motives behind this attack.

In December 2016, Russian hackers planted a malware called "Crash Override" or "Industroyer" in the network of Ukrenergo which is the Ukraine's national grid operator. The malicious programme was then used at around midnight, just two days before Christmas, to trip each single circuit breaker in a power transmission station located close to Kiev, Ukraine's capital. The result was a quick blackout enveloping the most parts of Kiev.

Although Ukrenergo's engineers were able to restore the power back in about an hour, the incident left many unanswered questions for experts, such as, why Russian hackers used a sophisticated malware to trigger just a one-hour blackout in Ukraine?

The Dragos study entitled "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack", attempts to offer potential answers to all such questions.

In this study, researchers re-examined malware's code as well as the network logs of Ukrenergo's systems. They concluded that the hackers had actually aimed to cause physical damage that would have prolonged the blackout to several weeks and possibly also put the lives of on-site operators at risk.

According to the researchers, the hackers first deployed "Crash Override" and used it to trip every single circuit breaker in the grid station, which caused a blackout in Kiev.

Then, about an hour later, they disabled the digital systems of the station to prevent operators from monitoring those systems.
Lastly, hackers exploited a known security bug in station's Siprotec protective relays to disable those equipment, thereby making the station susceptible to dangerously high frequencies of electricity.Protective relays are equipment used to monitor high currents and frequencies at the grid station. Although, Siemens had released a patch in 2015 to fix the vulnerability, many grid stations in Ukraine failed to update their systems in a timely manner. That opened opportunities for hackers to put the device to sleep by just sending an electrical impulse.

Ukraine is not the only country in the world where hackers have constantly tried to target and disrupt the power supply.
In 2013the US said that utility providers were under cyber-attack with one electricity firm reporting 10,000 attempted cyberattacks in a single month.

In June, it was reported that the US had attacked Russian power grids in order to give the US the potentially to conduct cyber-attacks in the event of a major conflict with Russia. 

Near the end of the Report Drago say, ‘Moving forward, electric utility operators must be aware of how adversaries executed this attack and its implications for operations’. 

Dragos:             Computing:    

You Might Also Read: 

US Power Grid Attack – No Harm Done. This Time:

UK Power Outage - The Cyber Effect?:

 

« 5G Needs A New Generation Of Security
Effective Cybersecurity Requires Both Cyber Training & Insurance Cover »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Crypto Valley Association

Crypto Valley Association

Crypto Valley Association is an independent, government-supported association established to build the world’s leading blockchain and cryptographic technologies ecosystem.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.