Researchers have revealed that a destructive malware strain called KillDisk, which infected at least three regional power authorities, caused a major power blackout that left hundreds of thousands of homes in Ukraine without electricity.
This may be the first confirmed case of a hacker-induced power outage: a cyber attack on a critical infrastructure facility with real-world consequences for hundreds of thousands of people.
The outage occurred on December 23, leaving hundreds of thousands without electricity in the Ivano-Frankivsk region of Ukraine. TSN, a regional news outlet in the country, reported that the outage was the direct result of malware that affected electrical substations.
Researchers from the security firm iSIGHT Partners now say they have obtained samples of the same malware strain that hit the three regional power operators.
John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars Technica:
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout.”
“It’s the major scenario we’ve all been concerned about for so long,” he added.
Separately, researchers from ESET, a well-known antivirus vendor, confirmed that multiple power authorities in Ukraine were affected by a malware package called “BlackEnergy.” BlackEnergy was first seen in 2007 and has recently been updated with new capabilities, including a component that leaves infected computers unbootable.
The updated strain also wipes critical data from the hard drive, and additional functionality intended to sabotage industrial control systems has been identified.
In a blog published on Monday, ESET researchers wrote:
Our analysis of the destructive KillDisk malware detected in several electricity distribution companies in Ukraine indicates that it is theoretically capable of shutting down critical systems.
ESET researchers also note that the Ukrainian power authorities were infected through the age-old technique of malicious macros embedded in Microsoft Office documents. Put simply, a routine social-engineering ploy may have been the starting point for the disruption of a utility as critical as electricity. The disruption upended daily life for a great many people, and outages of this kind can quickly turn into life-and-death situations.
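Because the initial foothold described above is a macro-bearing Office document, the first thing a defender wants at the mail gateway or on the triage bench is a check that looks inside the file rather than at its extension (a `.docm` renamed to `.doc` still carries its VBA project). The example below is added here for illustration and is not code from ESET, iSIGHT or any of the reporting on this incident; it assumes the standard OOXML layout in which a VBA project is stored as a `vbaProject.bin` part and declared in `[Content_Types].xml`. The sample documents it inspects are constructed in memory and contain no real macro code.

```python
import io
import zipfile

# Magic bytes of the legacy binary (OLE compound) Office formats, e.g. pre-2007 .doc/.xls.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Content type that OOXML uses to declare an embedded VBA project.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_file(data: bytes) -> str:
    """Classify an Office document by what it actually contains, ignoring its extension.

    Returns one of:
      'ooxml-macro'  zip-based (.docm/.xlsm/...) document that carries a VBA project
      'ooxml-clean'  zip-based document with no VBA project
      'ole-legacy'   pre-2007 binary format; macros cannot be ruled out without an OLE parser
      'not-office'   neither format
    """
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold macros too; flag them for deeper inspection.
        return "ole-legacy"
    if not data.startswith(b"PK\x03\x04"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Only treat the archive as an Office document if it has the OOXML content-types part.
            if "[Content_Types].xml" not in names:
                return "not-office"
            # Two independent indicators: the VBA part itself, or its declared content type.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "ooxml-macro"
            if VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "not-office"


def _build_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-style archive in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = (
            '<?xml version="1.0"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
        )
        if with_macro:
            ct += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        ct += "</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project; no real macro code.
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


# Constructed samples: a macro-bearing document, a clean one, and a legacy binary header.
SAMPLE_MACRO_DOC = _build_ooxml(with_macro=True)
SAMPLE_CLEAN_DOC = _build_ooxml(with_macro=False)
SAMPLE_LEGACY_DOC = OLE_MAGIC + b"\x00" * 64

if __name__ == "__main__":
    for label, blob in [
        ("invoice.doc (renamed .docm)", SAMPLE_MACRO_DOC),
        ("memo.docx", SAMPLE_CLEAN_DOC),
        ("report.doc (legacy)", SAMPLE_LEGACY_DOC),
    ]:
        print(f"{label}: {classify_office_file(blob)}")
```

The check deliberately reports legacy OLE files as a separate class rather than "clean": deciding whether a binary `.doc` carries macros requires walking the compound-file streams, which this example does not do, so such files should go to a full parser or sandbox instead of being waved through.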
Image credit: Wikimedia.