Hackers likely caused a Dec. 23 electricity outage in Ukraine by remotely switching breakers to cut power, after installing malware to prevent technicians from detecting the attack, a report analyzing how the incident unfolded said.
The report from Washington-based SANS ICS was released late on Saturday, providing the first detailed analysis of what caused a six-hour outage for about 80,000 customers of Western Ukraine’s Prykarpattyaoblenergo utility.
SANS ICS, which advises infrastructure operators on combating cyberattacks, also said the attackers crippled the utility’s customer-service center by flooding it with telephone calls to prevent customers from alerting the utility that power was down.
“This was a multi-pronged attack against multiple facilities. It was highly coordinated with very professional logistics,” said Robert Lee, a former US air force cyberwarfare operations officer, who helped compile the report for SANS ICS.
“They sort of blinded them in every way possible,” Lee added.
Experts have widely described the incident as the first known power outage caused by a cyberattack.
Ukraine’s SBU state security service blamed Russia, and US cyberfirm iSight Partners identified the perpetrator as a Russian hacking group known as “Sandworm.”
The Ukrainian Ministry of Fuel and Energy said it would hold off on discussing the matter until after Jan. 18, following completion of a formal probe into the incident.
The utility’s operators were able to quickly recover by switching to manual operations, essentially disconnecting infected workstations and servers from the grid, the report said.
SANS ICS said on its blog it had “high confidence” in its findings, which were based on discussions and analysis from “multiple international community members and companies.” The report’s authors declined to identify those sources.
US critical infrastructure security expert Joe Weiss said he believed the report’s findings would be validated.
“They did a phenomenal job,” Weiss said.
There is strong interest in the outage because of concerns that similar techniques could be used to launch more attacks on power operators internationally.
“What is now true is that a coordinated cyberattack consisting of multiple elements is one of the expected hazards [electric utilities] may face,” SANS ICS director Michael Assante said in a blog post.
“We need to learn and prepare ourselves to detect, respond and restore from such events in the future,” said Assante, former chief security officer of the quasi-governmental North American Electric Reliability Corp.