Hacker attack on the Ukrainian electricity supply in 2015

from Wikipedia, the free encyclopedia

On December 23, 2015, the world's first blackout caused by a hacker attack occurred in Ukraine. The incident took place against the background of a political conflict with Russia that had been simmering for months, and Russia was therefore suspected of having caused the blackout in western Ukraine. The incident prompted several international investigations. A detailed analysis of the attack was published in March 2016 by the institutions E-ISAC and ICS-SANS.

Procedure

A total of three electricity suppliers and around 225,000 customers in the western Ukrainian region of Ivano-Frankivsk were affected. The electricity suppliers were apparently chosen because of the relatively high level of automation in their distribution networks, which made it possible to disconnect transformer stations remotely. The attackers first penetrated the IT environment of the electricity supplier's administration. To do this, they used phishing emails and manipulated Microsoft Office documents that contained the crimeware BlackEnergy. The IT environment of the administration was connected to the IT environment of the network control system via VPN connections. Over several months, the attackers worked their way from the administration network to the network control system. The blackout was then triggered by operational intervention in the network control system and the decoupling of several transformer stations from the network. At the same time, the attackers deleted system files in order to delay the recovery of the systems, and they paralyzed the call center of a utility with a denial-of-service attack. Nevertheless, the affected suppliers managed to restore the power supply within three hours.
