Accessibility links

US Helping Ukraine Investigate Power Grid Hack

  • Reuters

The U.S. government said it was helping Ukraine investigate an apparent cyber attack last month on the country's power grid that caused a blackout for an estimated 80,000 customers.

Experts have widely described the Dec. 23 incident at western Ukraine's Prykarpattyaoblenergo utility as the first known power outage caused by a cyber attack. Ukraine's SBU state security service has blamed Russia for the incident, while U.S. cyber firm iSight Partners linked it to a Russian hacking group known as "Sandworm."

The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, said in an alert emailed on Tuesday that it had analyzed malicious software found in the utility's network. It identified it as BlackEnergy 3, a variant of malware that the agency previously said had infected some U.S. critical infrastructure operators in 2014.

When ICS-CERT initially reported on that infection in December 2014, it said that it did not know of any cases where BlackEnergy caused physical disruption to U.S. power systems.

A DHS official said on Tuesday that government investigators have not confirmed whether the BlackEnergy malware caused the Ukraine incident.

"At this time there is no definitive evidence linking the power outage in Ukraine with the presence of the malware," said the official, who was not authorized to discuss the matter publicly.

The ICS-CERT alert also said that the attackers appeared to have spread the BlackEnergy malware in Ukraine through a phishing campaign that used a malicious Microsoft Word email attachment.

The alert marked the first time the U.S. government had publicly commented on the Ukraine outage. It said ICS-CERT would continue to study the attack, providing additional technical data on a confidential government portal.

Experts attending the S4 conference on securing critical infrastructure from cyber attacks, which opened on Tuesday in Miami, said they are eager for more information on what happened in Ukraine.

Michael Toecker, a consulting engineer who advises utilities on grid security, said that some clients are asking 'What do we need to do to make sure this doesn't happen to us?'"

While security researchers widely believe that the outage was caused by a cyber attack, a few experts at the conference said they want more information before weighing in on what happened.

Ralph Langner, managing principal of Germany's Langner Group, said he is waiting to hear the results of a formal Ukraine energy ministry probe of the incident.