Ukraine experienced a serious power outage in December, which affected Ukrenergo’s North substation located at Pivnichna, and plunged a large part of Kiev and surrounding areas into darkness. Ukrenergo is a government-owned energy firm.
Vsevolod Kovalchuk, the head of the Ukrenergo national energy company, posted a message on Facebook explaining that the firm’s specialists manually restored electricity within 30 minutes. Kovalchuk stated that it took slightly over an hour for all operations to go back to normal.
He further explained that the issue was caused either by hackers or by a problem with equipment, saying that interference from an external source via their data network could have resulted in the lack of power.
Ukrenergo has been conducting an investigation into the event and, according to their preliminary results, the company says that the regular operation of their SCADA systems and workstations had been affected by external sources.
Thus, it appears that once hackers penetrated the network, they employed malicious code to take over the power plant’s systems remotely. Specialists are still looking into the situation in an effort to figure out the precise event timeline, as well as to discover where the hackers were able to enter the system. It should be noted that they say it’s possible the malicious code is still on their network but is lying dormant.
Ukrenergo is putting every effort into securing their systems by applying various technological and organizational actions that should improve the resilience of their systems and keep them safe from future attacks.
The BBC reported that ISSP (Information Systems Security Partners), a firm specializing in cybersecurity, found a link between this event and a cyber attack and power outage from 2015 that impacted 225,000 people. The Ukrainian security company, which has been charged with probing the attacks, has apparently discovered a stronger connection.
Thus, ISSP stated that the two attacks were linked, not only to each other but also to a number of separate cyber attacks targeting other government agencies and organizations in December, including a number of ministries, the national pension fund, and the national railway company.
The head of the security firm’s labs, Oleksii Yasnskiy, explained that there were clear similarities between the 2016 cyber attack that caused the power outage and the 2015 one, with the only real difference being that the former had evolved and become much better organized and more complex.
With regard to who is behind these attacks, some in the intelligence community are pointing the finger at Russia again.