News / Europe

    Russia Suspected in First-ever Cyberattack on Ukraine’s Power Grid

    Related Articles

    Experts: Ukraine Utility Cyberattack Wider Than Reported

    Ukraine power company Prykarpattyaoblenergo reported an outage on December 23; Experts say the attackers sought to infect other utilities

    Obama Administration Expands Cyber Defense Strategies

    What's gained - and what's lost - when the Web becomes weaponized?

    Russia Plays Big Role in Cyber Spying, Hacking

    Hacking, which the White House says points to Moscow, poses growing security risk for the West, according to analysts

    Column: China, Espionage and the Law of Cyberwar

    US says hacking attack from inside China stole millions of private government documents. Is it an act of war, or just plain spying?

    Why Is Russia Interested in Undersea Internet Cables?

    Unnamed officials speculate Moscow might be trying to tap those links — or even worse, sever them during a time of crisis

    In the last months of 2015, the conflict between Russia and Ukraine over Crimea’s annexation and continuing strife in Ukraine’s east appeared largely to be in stalemate. But now, with the new year, it appears the conflict is heating up again, and playing out on the region’s electric grids.

    On Dec. 23, a massive power outage in western Ukraine left approximately 700,000 homes in the dark. That outage was quickly followed by two smaller outages in Ukraine’s Ivano-Frankivsk region. The outages were short-lived, and at the time, believed to be benign in nature.

    Now, both the Ukrainian government and the private cybersecurity firm ESET say they have discovered malware inside the command and control systems at the affected power generators, raising the specter that unknown hackers intentionally targeted Ukraine’s power grid.

    “If confirmed this would be the first time that malware, as an external threat, targeted another nation-state’s power grid ever,” says Barak Perelman, CEO and co-founder of the Israel-based cybersecurity firm Indegy. “Any type of network interference that might shut down a grid should be considered a cyberattack, whether it originated inside the company or as an external threat.”

    More bugs possible

    It’s been rumored for years, but never proved, that various power failures around the world might have been the result of hackers. The malware inside Ukraine’s power grid might offer proof of that. The Daily Beast reports that copies of the malware have been sent to U.S. cyber-analysts at the CIA, the NSA and the Department of Homeland Security.

    Perelman notes that while malware forensics may reveal clues about how the generators’ operational networks, or OTs, were infected, discovering who authored and deployed the bugs will prove difficult.

    “Even if you find forensic information about the author, you can never really know whether that was planted there deliberately or not,” he said. “But more interesting is specifically what the malware did to interfere with the industrial controllers. By learning how it worked, either at the generation plants or the substations that deliver power, you can protect from future incidents.”

    Perelman adds that it’s also “very reasonable to believe” that similar bugs remain in Ukraine's grid and, in fact, may have also infected the power systems of other nations – including the U.S.

    Principal suspect

    Not surprisingly, Russia has figured as the principal suspect in planting the Ukrainian malware. Neither Russian or Ukrainian officials have spoken about the incident publicly, but in the past, government-linked Russian hackers have been tied to cyber-attacks in Estonia, Georgia and elsewhere.

    Ukraine’s power grid may also have been targeted by pro-Russian hackers for another reason. In November of last year, much of Crimea’s electric power was cut after lines and a substation of the Ukrainian-based electric supplier were damaged in what many believe to be an attack by Ukrainian nationalists. The malware infection may have been prompted by that outage.

    If the Ukraine outages are ultimately proven to be the work of hackers targeting another nation’s electric grid, it would represent a significant escalation, and might even eventually be identified as an act of war.

    “There’s really no internationally agreed upon rule book of what constitutes cyber-war,” Bob Twitchell, CEO of the cybersecurity firm Dispersive Technologies, told VOA.

    "Technology can do many different things, but it always comes back to policy: what’s the technology, what do you want to do with it, what’s fair and not fair, and what’s completely unacceptable,” Twitchell said.


    Governments have generally been vague about defining what is and isn’t an act of cyberwar. Last year U.S. Secretary of Defense Ashton Carter warned potential adversaries that the U.S. is ready to respond to any act of cyberwar.

    But the DoD strategy document does not discuss what specifically constitutes cyberwar. And that, says former Assistant Secretary of Homeland Security Stewart Baker, is because war – cyber or otherwise – is a messy business.

    "It is the things that both sides decide they are not prepared to do. And usually that’s a mix of humanity, basic morality and hard-headed assessment that it won’t do much good but will cause massive pain if the enemy does it to you,” he said.

    That said, Twitchell, Baker and other analysts VOA has spoken with agree that the intentional targeting and destruction of one nation’s power grid by another would clearly represent an act of war.

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Hope Remains for Rio Olympic Games, Despite Woes

    Facing a host of problems, Rio prepares for holding the games but experts say some risks, like Zika, may not be as grave as initially thought

    IS Use of Social Media to Recruit, Radicalize Still a Top Threat to US

    Despite military gains against IS in Iraq and Syria, their internet propaganda still commands an audience; US officials see 'the most complex challenge that the federal government and industry face'

    ‘Time Is Now’ to Save Africa’s Animals From Poachers, Activist Says

    During Zimbabwe visit, African Wildlife Foundation President Kaddu Sebunya says poaching hurts Africa as slave trade once did

    This forum has been closed.
    Comment Sorting
    by: mr nobody from: usa
    January 09, 2016 12:34 AM
    Is this the first time that Ukrainian power has been attacked by Russians?

    What about Chernobyl?

    Was the Russian operator of the Chernobyl nuclear plant intentionally driving it to destruction when he removed the control rods, or was it just an accident?

    Is this malware benign, or are these attacks more sinister?

    Will Russians create another meltdown like Chernobyl again?

    Compassion and tolerance only drive Russians to recklessness. What fool would call them "partner"?

    by: Igor from: Russia
    January 08, 2016 3:55 AM
    It seems that the Cyber war only exists in the imagination of those who are trying to exploit it for their information war.
    There is no evidence pointing to Russia, that means mismanagement, technical failure as well as embezzelment were behind the blackouts.
    malware inside the command and control systems at the affected power generators does not mean that the malware was from Russia. It may have come from the stupid or reckless handling of the computer systems.
    ESET is not a very wellknown security firm. Its antivirus only stands 15th in antivirus software reviews (, far behind Kaspersky. So it is understandable why they aim at Russia although without any evidence.
    In that case Kiev has itself to blame for the incident.

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Ivorian Chocolate Makers Promote Locally-made Chocolatei
    July 29, 2016 4:02 PM
    Ivory Coast is the world's top producer of cocoa but hardly any of it is processed into chocolate there. Instead, the cocoa is sent abroad to chocolate makers in Europe and elsewhere. This is a general problem throughout Africa – massive exports of raw materials but few finished goods. As Emilie Iob reports from Abidjan, several Ivorian entrepreneurs are working to change that formula - 100 percent Ivorian chocolate bar at a time.

    Video Ivorian Chocolate Makers Promote Locally-made Chocolate

    Ivory Coast is the world's top producer of cocoa but hardly any of it is processed into chocolate there. Instead, the cocoa is sent abroad to chocolate makers in Europe and elsewhere. This is a general problem throughout Africa – massive exports of raw materials but few finished goods. As Emilie Iob reports from Abidjan, several Ivorian entrepreneurs are working to change that formula - 100 percent Ivorian chocolate bar at a time.

    Video Tesla Opens Battery-Producing Gigafactory

    Two years after starting to produce electric cars, U.S. car maker Tesla Motors has opened the first part of its huge battery manufacturing plant, which will eventually cover more than a square kilometer. Situated close to Reno, Nevada, the so-called Gigafactory will eventually produce more lithium-ion batteries than were made worldwide in 2013. VOA's George Putic reports.

    Video Polio-affected Afghan Student Fulfilling Her Dreams in America

    Afghanistan is one of only two countries in the world where children still get infected by polio. The other is Pakistan. Mahbooba Akhtarzada who is from Afghanistan, was disabled by polio, but has managed to overcome the obstacles caused by this crippling disease. VOA's Zheela Nasari caught up with Akhtarzada and brings us this report narrated by Bronwyn Benito.

    Video Hillary Clinton Promises to Build a 'Better Tomorrow'

    Democratic presidential candidate Hillary Clinton urged voters Thursday not to give in to the politics of fear. She vowed to unite the country and move it forward if elected in November. Clinton formally accepted the Democratic Party's nomination at its national convention in Philadelphia. VOA national correspondent Jim Malone has more.

    Video Trump Tones Down Praise for Russia

    Republican presidential candidate Donald Trump is toning down his compliments for Russia and Vladimir Putin as such rhetoric got him in trouble recently. After calling on Russia to find 30.000 missing emails from rival Hillary Clinton, Trump told reporters he doesn't know Putin and never called him a great leader, just one who's better than President Barack Obama. Putin has welcomed Trump's overtures, but, as Zlatica Hoke reports, ordinary Russians say they are not putting much faith in Trump.

    Video Uganda Unveils its First Solar-powered Bus

    A solar-powered bus described by its Ugandan makers as the first in Africa has made its public debut. Kiira Motors' electric bus, Kayoola, displayed recently at a stadium in Uganda's capital. From Kampala, Maurice Magorane filed this report narrated by Salem Solomon.

    Video Silicon Valley: More Than A Place, It's a Culture

    Silicon Valley is a technology powerhouse and a place that companies such as Google, Facebook and Apple call home. It is a region in northern California that stretches from San Francisco to San Jose. But, more than that, it's known for its startup culture. VOA's Elizabeth Lee went inside one company to find out what it's like to work in a startup.

    Video Immigrant Delegate Marvels at Democratic Process

    It’s been a bitter and divisive election season – but first time Indian-American delegate Dr. Shashi Gupta headed to the Democratic National Convention with a sense of hope. VOA’s Katherine Gypson followed this immigrant with the love of U.S. politics all the way to Philadelphia.

    Video Dutch Entrepreneurs Turn Rainwater Into Beer

    June has been recorded as one of the wettest months in more than a century in many parts of Europe. To a group of entrepreneurs in Amsterdam the rain came as a blessing, as they used the extra water to brew beer. Serginho Roosblad has more to the story.

    Video Commerce Thrives on US-Mexico Border

    At the Democratic Convention in Philadelphia this week, the party’s presumptive presidential nominee, Hillary Clinton, is expected to attack proposals made by her opponent, Republican presidential nominee Donald Trump, to build a wall along the U.S.-Mexico border. Last Friday, President Barack Obama hosted his Mexican counterpart, President Enrique Peña Nieto, to underscore the good relations between the two countries. VOA’s Greg Flakus reports from Tucson.

    Video Film Helps Save Ethiopian Children Thought to be Cursed

    'Omo Child' looks at effort of African man to stop killings of ‘mingi’ children

    Video London’s Financial Crown at Risk as Rivals Eye Brexit Opportunities

    By most measures, London rivals New York as the only true global financial center. But Britain’s vote to leave the European Union – so-called ‘Brexit’ – means the city could lose its right to sell services tariff-free across the bloc, risking its position as Europe’s financial headquarters. Already some banks have said they may shift operations to the mainland. Henry Ridgwell reports from London.

    Special Report

    Adrift The Invisible African Diaspora