Months after malware enabled a power-blackout in parts of Ukraine, the scale of the hacking campaign has come to light.
Months after malware enabled a power-blackout in parts of Ukraine, more clues about the perpetrators of the attack, as well as the potential scale of the hacking campaign have come to light.
After conducting its investigation, the country’s energy ministry concluded that hackers made phone calls from inside Russia, and used a Russian-based internet service provider as part of their coordinated attack on the Ukrainian power grid in December.
“The attack on our systems took at least six months to prepare—we have found evidence that they started collecting information (about our systems) no less than 6 months before the attack,” Svetelyk told Reuters.
On December 23, a Ukrainian power company announced that part of the country had gone dark, and shortly after, researchers obtained samples of malware found on the company’s network. Subsequent reports revealed that at least two other companies had been targeted too, and that the hackers had also launched a denial-of-service style attack on phone systems, stopping customers from complaining about the blackout.
In its investigation, the energy ministry does not point directly to Russian involvement, however. Attribution for cyber-attacks is notoriously difficult, but US researchers have concluded that the blackouts were likely the work of the so-called Sandworm group, a Russian backed hacking group. Researchers came to this conclusion in part because of the presence of Black Energy malware on the affected networks, which has been used by a likely Russian group to target industrial control systems.
More Here [motherboard]