(Cyberwar.news) Experts have been warning for years that Western society’s outsized reliance on the Internet to manage critical infrastructure was a growing liability in the age of cyber warfare, and now they have been proven correct.
The first successful instance of a cyber attack aimed at taking a power station offline occurred in western Ukraine in December, according to the International Business Times, in what will serve as a harbinger of what future great-power conflict will entail.
The IBT noted that cybersecurity researchers at the firm ESET believe the attack was the first known instance of hackers disabling a power station.
The news site further reported:
The incident left homes in the Ivano-Frankivsk region of Ukraine without electricity for several hours in December 2015. The malware used to carry out the attacks is believed to be the BlackEnergy Trojan, first developed in 2007 to carry out distributed denial of service (DDoS) attacks. It has since been upgraded to carry out more sophisticated tasks, such as cyber-espionage.
“We found out that the attackers have been using a malware family on which we have had our eye for quite some time now: BlackEnergy,” researchers from antivirus firm ESET wrote in a blogpost.
“Destructive malware is not a new phenomenon,” the post continued. “While even some of the earliest viruses used to have destructive functionality intended mostly as a prank, today’s cyber-criminals use such components for a number of reasons, ranging from sabotage, or hacktivism, to covering their tracks after a successful cyber-espionage attack.”
Researchers are not sure of the origin of the attack, but Ukraine’s state security services have blamed “Russian security services” as the responsible party.
Russian officials have not commented.
According to ESET, the power station’s servers were accessed and infected via Microsoft Office files attached to spearphishing emails that purported to originate from the Rada, the Ukrainian parliament.
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before – oil firms, for instance – but never the event which causes the blackout,” John Hultquist, head of iSight’s cyber espionage intelligence practice, told Ars Technica. “It’s the major scenario we’ve all been concerned about for so long.”