2015 Ukraine power grid hack

On December 23, 2015, the

power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".^[1] It is the first publicly acknowledged successful cyberattack on a power grid.^[2]

Description

On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Ukrainian: Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations (7 110kv substations and 23 35kv substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.^[3]

At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (

Russian Federation.^[4]

Vulnerability

In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.^[5] The Ukrainian power grid was built when it was part of the Soviet Union, has been upgraded with Russian parts and (as of 2022), still not been fixed.^{[clarification needed]} Russian attackers are as familiar with the software as operators. Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).^[6]

Method

The cyberattack was complex and consisted of the following steps:^[4]

Prior compromise of corporate networks using
spear-phishing emails with BlackEnergy
malware

Seizing SCADA under control, remotely switching substations off
Disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
Destruction of files stored on servers and workstations with the KillDisk malware
Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
Emergency power at the utility company’s operations center was switched off.^[6]

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).^[4]

References

^ Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.
S2CID 44364372. Archived
from the original on 2022-02-25. Retrieved 2022-02-25.

ISSN 1059-1028. Archived
from the original on 2021-02-08. Retrieved 2021-02-08.

^ ^a ^b ^c "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.

ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.

^
ISSN 0362-4331. Archived
from the original on 2022-01-16. Retrieved 2022-01-17.

Further reading

Robert M. Lee; Michael J. Assante; Tim Conway (18 March 2016). Analysis of the Cyber Attack on the Ukrainian Power Grid. Defense Use Case (PDF). E-ISAC.

Nate Beach-Westmoreland; Jake Styczynski; Scott Stables (November 2016). When The Lights Went Out (PDF). Booz Allen Hamilton.

External links

Adi Nae Gamliel (2017-10-6) "Securing Smart Grid and Advanced Metering Infrastructure".

Andy Greenberg (2017-06-20). "How An Entire Nation Became Russia's Test Lab for Cyberwar". Wired.

Kim Zetter (2016-03-03). "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.

Kim Zetter (2016-01-20). "Everything We Know About Ukraine's Power Plant Hack". Wired.

John Hulquist (2016-01-07). "Sandworm Team and the Ukrainian Power Authority Attacks".
FireEye
.

ICS-CERT, [https://www.cisa.gov/uscert/ics/advisories/ICSA-16-336-02
)

ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)

v
t
e
Russo-Ukrainian War
Background

Dissolution of the Soviet Union

Budapest Memorandum

2003 Tuzla Island conflict

Orange Revolution

2007 Munich speech of Vladimir Putin

Russia–Ukraine gas disputes

Euromaidan

Revolution of Dignity

Putinism
Foundations of Geopolitics

Novorossiya

Ruscism

Russian irredentism

Russian imperialism

Main events

Annexation of Crimea by the Russian Federation
timeline

2014 pro-Russian unrest in Ukraine
Historical background

timeline

2014 Odesa clashes

War in Donbas
timeline

List of Russian units which invaded the territory of Ukraine

Kerch Strait incident

Wagnergate

Prelude to the Russian invasion of Ukraine
reactions

Russian invasion of Ukraine
timeline

2022 Russian annexation referendums

2023 Belgorod Oblast incursions

destruction of the Kakhovka Dam

Impact and reactions

International sanctions

sanctioned people and organisations

2022–2023 Russia–European Union gas dispute

Military aid to Ukraine

OSCE Special Monitoring Mission to Ukraine

Act of 2014

China and the Russian invasion of Ukraine

Iran and the Russian invasion of Ukraine

United States and the Russian invasion of Ukraine

ICJ case

ORDLO

ATO

International reactions to the war in Donbas

Casualties of the Russo-Ukrainian War
journalists killed

Foreign fighters in the Russo-Ukrainian War

2014 Crimean status referendum

Political status of Crimea

2021 Black Sea incident

2021–2023 global supply chain crisis

Economic impact of the Russian invasion of Ukraine

Eurointegration of Ukraine

Soviet imagery

Lend-Lease (2022)

Diplomatic expulsions

Russian spies

ICC arrest warrant for Vladimir Putin

Wagner Group rebellion

LGBT people

Cyberwarfare

2015 Ukraine power grid hack

2016 Kyiv cyberattack

2016 Surkov leaks

2017 Ukraine ransomware attacks

2022 Ukraine cyberattacks

IT Army of Ukraine

2022 activities of Anonymous against Russia

Media

Little green men

Social media

Media portrayal

Disinformation in the 2022 invasion

Propaganda in Russia

Films

Related

Russia–Ukraine relations

Russian language in Ukraine

Demolition of monuments to Vladimir Lenin in Ukraine

2014 anti-war protests in Russia

Ruscism

2018 Moscow–Constantinople schism

Control of cities

Aircraft losses during the Russo-Ukrainian War

Ship losses during the Russo-Ukrainian War

Moldova and the Russo-Ukrainian War

Forced transfer of Ukrainian children to Russia

Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=2015_Ukraine_power_grid_hack&oldid=1165079237"

[1] Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.

[2] S2CID 44364372. Archived
from the original on 2022-02-25. Retrieved 2022-02-25.

[ty-3] ISSN 1059-1028. Archived
from the original on 2021-02-08. Retrieved 2021-02-08.

[mpe.12-4] "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.

[overland-2019-5] ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.

[nyt-6] 
ISSN 0362-4331. Archived
from the original on 2022-01-16. Retrieved 2022-01-17.

[1]

[2]

[3]

[4]

[5]

[6]

Description

Vulnerability

Method

See also

References

Further reading

External links