Hackers likely caused a Dec. 23 electricity outage in Ukraine by remotely switching breakers to cut power, after installing malware to prevent technicians from detecting the attack, a report analyzing how the incident unfolded said.
The report from Washington-based SANS ICS was released late on Saturday, providing the first detailed analysis of what caused a six-hour outage for about 80,000 customers of Western Ukraine’s Prykarpattyaoblenergo utility.
SANS ICS, which advises infrastructure operators on combating cyberattacks, also said the attackers crippled the utility’s customer-service center by flooding it with telephone calls to prevent customers from alerting the utility that power was down.
“This was a multi-pronged attack against multiple facilities. It was highly coordinated with very professional logistics,” said Robert Lee, a former US Air Force cyberwarfare operations officer, who helped compile the report for SANS ICS.
“They sort of blinded them in every way possible,” Lee added.
Experts have widely described the incident as the first known power outage caused by a cyberattack.
Ukraine’s SBU state security service blamed Russia, and US cyberfirm iSight Partners identified the perpetrator as a Russian hacking group known as “Sandworm.”
The Ukrainian Ministry of Fuel and Energy said it would hold off on discussing the matter until after Jan. 18, following completion of a formal probe into the matter.
The utility’s operators were able to quickly recover by switching to manual operations, essentially disconnecting infected workstations and servers from the grid, the report said.
SANS ICS said on its blog it had “high confidence” in its findings, which were based on discussions and analysis from “multiple international community members and companies.” The report’s authors declined to identify those sources.
US critical infrastructure security expert Joe Weiss said he believed the report’s findings would be validated.
“They did a phenomenal job,” Weiss said.
There is strong interest in the outage because of concerns that similar techniques could be used to launch more attacks on power operators internationally.
“What is now true is that a coordinated cyberattack consisting of multiple elements is one of the expected hazards [electric utilities] may face,” SANS ICS director Michael Assante said in a blog.
“We need to learn and prepare ourselves to detect, respond and restore from such events in the future,” said Assante, former chief security officer of the quasi-governmental North American Electric Reliability Corp.