Английская Википедия:2015 Ukraine power grid hack

Материал из Онлайн справочника
Перейти к навигацииПерейти к поиску

Шаблон:Short description On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".[1] It is the first publicly acknowledged successful cyberattack on a power grid.[2]

Description

On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Шаблон:Lang-uk; servicing Ivano-Frankivsk Oblast): 30 substations (7 110kv substations and 23 35kv substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.[3]

At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Шаблон:Lang-uk; servicing Chernivtsi Oblast) and Kyivoblenergo (Шаблон:Lang-uk; servicing Kyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.[4]

Vulnerability

In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.[5] The Ukrainian power grid was built when it was part of the Soviet Union, has been upgraded with Russian parts and (as of 2022), still not been fixed.Шаблон:Huh Russian attackers are as familiar with the software as operators. Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).[6]

Method

The cyberattack was complex and consisted of the following steps:[4]

  • Prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware
  • Seizing SCADA under control, remotely switching substations off
  • Disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
  • Destruction of files stored on servers and workstations with the KillDisk malware
  • Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
  • Emergency power at the utility company’s operations center was switched off.[6]

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).[4]

See also

References

Шаблон:Reflist

Further reading

External links

Шаблон:Russian intervention in Ukraine Шаблон:Ukraine topics Шаблон:Hacking in the 2010s