Attack On Ukraine's Power Grid Targeted Transmission Stations

The hackers behind the 2016 Ukraine power cyber-attack had aimed to create conditions to inflict physical damage to the targeted transmission station. A new study by the researchers from the specialist industrial cyber security firm Dragos has recreated the timeline of the attack in an attempt to shed new light on the real motives behind this attack.

In December 2016, Russian hackers planted a malware called "Crash Override" or "Industroyer" in the network of Ukrenergo which is the Ukraine's national grid operator. The malicious programme was then used at around midnight, just two days before Christmas, to trip each single circuit breaker in a power transmission station located close to Kiev, Ukraine's capital. The result was a quick blackout enveloping the most parts of Kiev.

Although Ukrenergo's engineers were able to restore the power back in about an hour, the incident left many unanswered questions for experts, such as, why Russian hackers used a sophisticated malware to trigger just a one-hour blackout in Ukraine?

The Dragos study entitled "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack", attempts to offer potential answers to all such questions.

In this study, researchers re-examined malware's code as well as the network logs of Ukrenergo's systems. They concluded that the hackers had actually aimed to cause physical damage that would have prolonged the blackout to several weeks and possibly also put the lives of on-site operators at risk.

According to the researchers, the hackers first deployed "Crash Override" and used it to trip every single circuit breaker in the grid station, which caused a blackout in Kiev.

Then, about an hour later, they disabled the digital systems of the station to prevent operators from monitoring those systems.
Lastly, hackers exploited a known security bug in station's Siprotec protective relays to disable those equipment, thereby making the station susceptible to dangerously high frequencies of electricity.Protective relays are equipment used to monitor high currents and frequencies at the grid station. Although, Siemens had released a patch in 2015 to fix the vulnerability, many grid stations in Ukraine failed to update their systems in a timely manner. That opened opportunities for hackers to put the device to sleep by just sending an electrical impulse.

Ukraine is not the only country in the world where hackers have constantly tried to target and disrupt the power supply.
In 2013the US said that utility providers were under cyber-attack with one electricity firm reporting 10,000 attempted cyberattacks in a single month.

In June, it was reported that the US had attacked Russian power grids in order to give the US the potentially to conduct cyber-attacks in the event of a major conflict with Russia. 

Near the end of the Report Drago say, ‘Moving forward, electric utility operators must be aware of how adversaries executed this attack and its implications for operations’. 

Dragos:             Computing:    

You Might Also Read: 

US Power Grid Attack – No Harm Done. This Time:

UK Power Outage - The Cyber Effect?:

 

« 5G Needs A New Generation Of Security
Effective Cybersecurity Requires Both Cyber Training & Insurance Cover »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Technology Institute - De Montfort University

Cyber Technology Institute - De Montfort University

The Cyber Technology Institute provides training and high quality research and consultancy services in the fields of cyber security, software engineering and digital forensics.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Mobb

Mobb

Mobb's AI-powered technology automates vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation.