News / Europe

    Russia Suspected in First-ever Cyberattack on Ukraine’s Power Grid

    Related Articles

    Experts: Ukraine Utility Cyberattack Wider Than Reported

    Ukraine power company Prykarpattyaoblenergo reported an outage on December 23; Experts say the attackers sought to infect other utilities

    Obama Administration Expands Cyber Defense Strategies

    What's gained - and what's lost - when the Web becomes weaponized?

    Russia Plays Big Role in Cyber Spying, Hacking

    Hacking, which the White House says points to Moscow, poses growing security risk for the West, according to analysts

    Column: China, Espionage and the Law of Cyberwar

    US says hacking attack from inside China stole millions of private government documents. Is it an act of war, or just plain spying?

    Why Is Russia Interested in Undersea Internet Cables?

    Unnamed officials speculate Moscow might be trying to tap those links — or even worse, sever them during a time of crisis

    In the last months of 2015, the conflict between Russia and Ukraine over Crimea’s annexation and continuing strife in Ukraine’s east appeared largely to be in stalemate. But now, with the new year, it appears the conflict is heating up again, and playing out on the region’s electric grids.

    On Dec. 23, a massive power outage in western Ukraine left approximately 700,000 homes in the dark. That outage was quickly followed by two smaller outages in Ukraine’s Ivano-Frankivsk region. The outages were short-lived, and at the time, believed to be benign in nature.

    Now, both the Ukrainian government and the private cybersecurity firm ESET say they have discovered malware inside the command and control systems at the affected power generators, raising the specter that unknown hackers intentionally targeted Ukraine’s power grid.

    “If confirmed this would be the first time that malware, as an external threat, targeted another nation-state’s power grid ever,” says Barak Perelman, CEO and co-founder of the Israel-based cybersecurity firm Indegy. “Any type of network interference that might shut down a grid should be considered a cyberattack, whether it originated inside the company or as an external threat.”

    More bugs possible

    It’s been rumored for years, but never proved, that various power failures around the world might have been the result of hackers. The malware inside Ukraine’s power grid might offer proof of that. The Daily Beast reports that copies of the malware have been sent to U.S. cyber-analysts at the CIA, the NSA and the Department of Homeland Security.

    Perelman notes that while malware forensics may reveal clues about how the generators’ operational networks, or OTs, were infected, discovering who authored and deployed the bugs will prove difficult.

    “Even if you find forensic information about the author, you can never really know whether that was planted there deliberately or not,” he said. “But more interesting is specifically what the malware did to interfere with the industrial controllers. By learning how it worked, either at the generation plants or the substations that deliver power, you can protect from future incidents.”

    Perelman adds that it’s also “very reasonable to believe” that similar bugs remain in Ukraine's grid and, in fact, may have also infected the power systems of other nations – including the U.S.

    Principal suspect

    Not surprisingly, Russia has figured as the principal suspect in planting the Ukrainian malware. Neither Russian or Ukrainian officials have spoken about the incident publicly, but in the past, government-linked Russian hackers have been tied to cyber-attacks in Estonia, Georgia and elsewhere.

    Ukraine’s power grid may also have been targeted by pro-Russian hackers for another reason. In November of last year, much of Crimea’s electric power was cut after lines and a substation of the Ukrainian-based electric supplier were damaged in what many believe to be an attack by Ukrainian nationalists. The malware infection may have been prompted by that outage.

    If the Ukraine outages are ultimately proven to be the work of hackers targeting another nation’s electric grid, it would represent a significant escalation, and might even eventually be identified as an act of war.

    “There’s really no internationally agreed upon rule book of what constitutes cyber-war,” Bob Twitchell, CEO of the cybersecurity firm Dispersive Technologies, told VOA.

    "Technology can do many different things, but it always comes back to policy: what’s the technology, what do you want to do with it, what’s fair and not fair, and what’s completely unacceptable,” Twitchell said.


    Governments have generally been vague about defining what is and isn’t an act of cyberwar. Last year U.S. Secretary of Defense Ashton Carter warned potential adversaries that the U.S. is ready to respond to any act of cyberwar.

    But the DoD strategy document does not discuss what specifically constitutes cyberwar. And that, says former Assistant Secretary of Homeland Security Stewart Baker, is because war – cyber or otherwise – is a messy business.

    "It is the things that both sides decide they are not prepared to do. And usually that’s a mix of humanity, basic morality and hard-headed assessment that it won’t do much good but will cause massive pain if the enemy does it to you,” he said.

    That said, Twitchell, Baker and other analysts VOA has spoken with agree that the intentional targeting and destruction of one nation’s power grid by another would clearly represent an act of war.

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Former US Envoys Urge Obama to Delay Troop Cuts in Afghanistan

    Keeping troop levels up during conflict with both Taliban and Islamic State is necessary to support Kabul government, they say

    First Lady to Visit Africa to Promote Girls' Education

    Michele Obama will be joined by daughters and actresses Meryl Streep and Freida Pinto

    Video NYSE Analyst: Brexit Will Continue to Place Pressure on Markets

    Despite orderly pricing and execution strategy at the New York Stock Exchange, analyst explains added pressure on world financial markets is likely

    This forum has been closed.
    Comment Sorting
    by: mr nobody from: usa
    January 09, 2016 12:34 AM
    Is this the first time that Ukrainian power has been attacked by Russians?

    What about Chernobyl?

    Was the Russian operator of the Chernobyl nuclear plant intentionally driving it to destruction when he removed the control rods, or was it just an accident?

    Is this malware benign, or are these attacks more sinister?

    Will Russians create another meltdown like Chernobyl again?

    Compassion and tolerance only drive Russians to recklessness. What fool would call them "partner"?

    by: Igor from: Russia
    January 08, 2016 3:55 AM
    It seems that the Cyber war only exists in the imagination of those who are trying to exploit it for their information war.
    There is no evidence pointing to Russia, that means mismanagement, technical failure as well as embezzelment were behind the blackouts.
    malware inside the command and control systems at the affected power generators does not mean that the malware was from Russia. It may have come from the stupid or reckless handling of the computer systems.
    ESET is not a very wellknown security firm. Its antivirus only stands 15th in antivirus software reviews (, far behind Kaspersky. So it is understandable why they aim at Russia although without any evidence.
    In that case Kiev has itself to blame for the incident.

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Brexit Vote Plunges Global Markets Into Uncharted Territoryi
    June 24, 2016 9:38 PM
    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Brexit Vote Plunges Global Markets Into Uncharted Territory

    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Orlando Shooting Changes Debate on Gun Control

    It’s been nearly two weeks since the largest mass shooting ever in the United States. Despite public calls for tighter gun control laws, Congress is at an impasse. Democratic lawmakers resorted to a 1960s civil rights tactic to portray their frustration. VOA’s Carolyn Presutti explains how the Orlando, Florida shooting is changing the debate.

    Video Tunisian Fishing Town Searches for Jobs, Local Development Solutions

    As the European Union tries to come to grips with its migrant crisis, some newcomers are leaving voluntarily. But those returning to their home countries face an uncertain future.  Five years after Tunisia's revolution, the tiny North African country is struggling with unrest, soaring unemployment and plummeting growth. From the southern Tunisian fishing town of Zarzis, Lisa Bryant takes a look for VOA at a search for local solutions.

    Video 'American Troops' in Russia Despite Tensions

    Historic battle re-enactment is a niche hobby with a fair number of adherents in Russia where past military victories are played-up by the Kremlin as a show of national strength. But, one group of World War II re-enactors in Moscow has the rare distinction of choosing to play western ally troops. VOA's Daniel Schearf explains.

    Video Experts: Very Few Killed in US Gun Violence Are Victims of Mass Shootings

    The deadly shooting at a Florida nightclub has reignited the debate in the U.S. over gun control. Although Congress doesn't provide government health agencies funds to study gun violence, public health experts say private research has helped them learn some things about the issue. VOA's Carol Pearson reports.

    Video Trump Unleashes Broadside Against Clinton to Try to Ease GOP Doubts

    Recent public opinion polls show Republican Donald Trump slipping behind Democrat Hillary Clinton in the presidential election matchup for November. Trump trails her both in fundraising and campaign organization, but he's intensifying his attacks on the former secretary of state. VOA National Correspondent Jim Malone reports.

    Video Muslim American Mayor Calls for Tolerance

    Syrian-born Mohamed Khairullah describes himself as "an American mayor who happens to be Muslim." As the three-term mayor of Prospect Park, New Jersey, he believes his town of 6,000 is an example of how ethnicity and religious beliefs should not determine a community's leadership. Ramon Taylor has this report from Prospect Park.

    Video Internal Rifts Over Syria Policy Could Be Headache for Next US President

    With the Obama administration showing little outward enthusiasm for adopting a more robust Syria policy, there is a strong likelihood that the internal discontent expressed by State Department employees will roll over to the next administration. VOA State Department correspondent Pam Dockins reports.

    Video Senegal to Park Colorful ‘Cars Rapide’ Permanently

    Brightly painted cars rapide are a hallmark of Dakar, offering residents a cheap way to get around the capital city since 1976. But the privately owned minibuses are scheduled to be parked for good in late 2018, as Ricci Shryock reports for VOA.

    Video Florida Gets $1 Million in Emergency Government Funding for Orlando

    The U.S. government has granted $1 million in emergency funding to the state of Florida to cover the costs linked to the June 12 massacre in Orlando. U.S. Attorney General Loretta Lynch announced the grant Tuesday in Orlando, where she met with survivors of the shooting attack that killed 49 people. Zlatica Hoke reports.

    Video How to Print Impossible Shapes with Metal

    3-D printing with metals is rapidly becoming more advanced. As printers become more affordable, the industry is partnering with universities to refine processes for manufacturing previously impossible things. A new 3-D printing lab aims to bring the new technology closer to everyday use. VOA's George Putic reports.

    Video Big Somali Community in Minnesota Observes Muslim Religious Feast

    Ramadan is widely observed in the north central US state of Minnesota, which a large Muslim community calls home. VOA Somali service reporter Mohmud Masadde files this report from Minneapolis, the state's biggest city.

    Special Report

    Adrift The Invisible African Diaspora