News / Europe

    Russia Suspected in First-ever Cyberattack on Ukraine’s Power Grid

    Related Articles

    Experts: Ukraine Utility Cyberattack Wider Than Reported

    Ukraine power company Prykarpattyaoblenergo reported an outage on December 23; Experts say the attackers sought to infect other utilities

    Obama Administration Expands Cyber Defense Strategies

    What's gained - and what's lost - when the Web becomes weaponized?

    Russia Plays Big Role in Cyber Spying, Hacking

    Hacking, which the White House says points to Moscow, poses growing security risk for the West, according to analysts

    Column: China, Espionage and the Law of Cyberwar

    US says hacking attack from inside China stole millions of private government documents. Is it an act of war, or just plain spying?

    Why Is Russia Interested in Undersea Internet Cables?

    Unnamed officials speculate Moscow might be trying to tap those links — or even worse, sever them during a time of crisis

    In the last months of 2015, the conflict between Russia and Ukraine over Crimea’s annexation and continuing strife in Ukraine’s east appeared largely to be in stalemate. But now, with the new year, it appears the conflict is heating up again, and playing out on the region’s electric grids.

    On Dec. 23, a massive power outage in western Ukraine left approximately 700,000 homes in the dark. That outage was quickly followed by two smaller outages in Ukraine’s Ivano-Frankivsk region. The outages were short-lived, and at the time, believed to be benign in nature.

    Now, both the Ukrainian government and the private cybersecurity firm ESET say they have discovered malware inside the command and control systems at the affected power generators, raising the specter that unknown hackers intentionally targeted Ukraine’s power grid.

    “If confirmed this would be the first time that malware, as an external threat, targeted another nation-state’s power grid ever,” says Barak Perelman, CEO and co-founder of the Israel-based cybersecurity firm Indegy. “Any type of network interference that might shut down a grid should be considered a cyberattack, whether it originated inside the company or as an external threat.”

    More bugs possible

    It’s been rumored for years, but never proved, that various power failures around the world might have been the result of hackers. The malware inside Ukraine’s power grid might offer proof of that. The Daily Beast reports that copies of the malware have been sent to U.S. cyber-analysts at the CIA, the NSA and the Department of Homeland Security.

    Perelman notes that while malware forensics may reveal clues about how the generators’ operational networks, or OTs, were infected, discovering who authored and deployed the bugs will prove difficult.

    “Even if you find forensic information about the author, you can never really know whether that was planted there deliberately or not,” he said. “But more interesting is specifically what the malware did to interfere with the industrial controllers. By learning how it worked, either at the generation plants or the substations that deliver power, you can protect from future incidents.”

    Perelman adds that it’s also “very reasonable to believe” that similar bugs remain in Ukraine's grid and, in fact, may have also infected the power systems of other nations – including the U.S.

    Principal suspect

    Not surprisingly, Russia has figured as the principal suspect in planting the Ukrainian malware. Neither Russian or Ukrainian officials have spoken about the incident publicly, but in the past, government-linked Russian hackers have been tied to cyber-attacks in Estonia, Georgia and elsewhere.

    Ukraine’s power grid may also have been targeted by pro-Russian hackers for another reason. In November of last year, much of Crimea’s electric power was cut after lines and a substation of the Ukrainian-based electric supplier were damaged in what many believe to be an attack by Ukrainian nationalists. The malware infection may have been prompted by that outage.

    If the Ukraine outages are ultimately proven to be the work of hackers targeting another nation’s electric grid, it would represent a significant escalation, and might even eventually be identified as an act of war.

    “There’s really no internationally agreed upon rule book of what constitutes cyber-war,” Bob Twitchell, CEO of the cybersecurity firm Dispersive Technologies, told VOA.

    "Technology can do many different things, but it always comes back to policy: what’s the technology, what do you want to do with it, what’s fair and not fair, and what’s completely unacceptable,” Twitchell said.


    Governments have generally been vague about defining what is and isn’t an act of cyberwar. Last year U.S. Secretary of Defense Ashton Carter warned potential adversaries that the U.S. is ready to respond to any act of cyberwar.

    But the DoD strategy document does not discuss what specifically constitutes cyberwar. And that, says former Assistant Secretary of Homeland Security Stewart Baker, is because war – cyber or otherwise – is a messy business.

    "It is the things that both sides decide they are not prepared to do. And usually that’s a mix of humanity, basic morality and hard-headed assessment that it won’t do much good but will cause massive pain if the enemy does it to you,” he said.

    That said, Twitchell, Baker and other analysts VOA has spoken with agree that the intentional targeting and destruction of one nation’s power grid by another would clearly represent an act of war.

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Syrian Torture Victim Recounts Horrors

    'You make them think you have surrendered' says Jalal Nofal, a doctor who was jailed and survived repeated interrogations in Syria

    Mandela’s Millions Paid to Heirs, But Who Gets His Country Home?

    Saga around $3 million estate of country's first democratic president is far from over as Winnie Mandela’s fight for home overshadows payouts

    Guess Which Beach is 'Best in the US'?

    Hawaii’s Hanauma Bay tops an annual "top 10" list compiled by a coastal scientist, also known as Doctor Beach

    This forum has been closed.
    Comment Sorting
    by: mr nobody from: usa
    January 09, 2016 12:34 AM
    Is this the first time that Ukrainian power has been attacked by Russians?

    What about Chernobyl?

    Was the Russian operator of the Chernobyl nuclear plant intentionally driving it to destruction when he removed the control rods, or was it just an accident?

    Is this malware benign, or are these attacks more sinister?

    Will Russians create another meltdown like Chernobyl again?

    Compassion and tolerance only drive Russians to recklessness. What fool would call them "partner"?

    by: Igor from: Russia
    January 08, 2016 3:55 AM
    It seems that the Cyber war only exists in the imagination of those who are trying to exploit it for their information war.
    There is no evidence pointing to Russia, that means mismanagement, technical failure as well as embezzelment were behind the blackouts.
    malware inside the command and control systems at the affected power generators does not mean that the malware was from Russia. It may have come from the stupid or reckless handling of the computer systems.
    ESET is not a very wellknown security firm. Its antivirus only stands 15th in antivirus software reviews (, far behind Kaspersky. So it is understandable why they aim at Russia although without any evidence.
    In that case Kiev has itself to blame for the incident.

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Chinese-Americans Heart Trump, Bucking National Trendi
    May 27, 2016 5:57 AM
    A new study conducted by three Asian-American organizations shows there are three times as many Democrats as there are Republicans among Asian-American voters, and they favor Hillary Clinton over Donald Trump. But one group, called Chinese-Americans For Trump, is going against the tide and strongly supports the business tycoon. VOA’s Elizabeth Lee caught up with them at a Trump rally and reports from Anaheim, California.

    Video Chinese-Americans Heart Trump, Bucking National Trend

    A new study conducted by three Asian-American organizations shows there are three times as many Democrats as there are Republicans among Asian-American voters, and they favor Hillary Clinton over Donald Trump. But one group, called Chinese-Americans For Trump, is going against the tide and strongly supports the business tycoon. VOA’s Elizabeth Lee caught up with them at a Trump rally and reports from Anaheim, California.

    Video Reactions to Trump's Success Polarized Abroad

    What seemed impossible less than a year ago is now almost a certainty. New York real estate mogul Donald Trump has won the number of delegates needed to secure the Republican presidential nomination. The prospect has sparked as much controversy abroad as it has in the United States. Zlatica Hoke has more.

    Video Drawings by Children in Hiroshima Show Hope and Peace

    On Friday, President Barack Obama will visit Hiroshima, Japan, the first American president to do so while in office. In August 1945, the United States dropped an atomic bomb on the city to force Japan's surrender in World War II. Although their city lay in ruins, some Hiroshima schoolchildren drew pictures of hope and peace. The former students and their drawings are now part of a documentary called “Pictures from a Hiroshima Schoolyard.” VOA's Deborah Block has the story.

    Video Vietnamese Rapper Performs for Obama

    A prominent young Vietnamese artist told President Obama said she faced roadblocks as a woman rapper, and asked the president about government support for the arts. He asked her to rap, and he even offered to provide a base beat for her. Watch what happened.

    Video Roots Run Deep for Tunisia's Dwindling Jewish Community

    This week, hundreds of Jewish pilgrims are defying terrorist threats to celebrate an ancient religious festival on the Tunisian island of Djerba. The festivities cast a spotlight on North Africa's once-vibrant Jewish population that has all but died out in recent decades. Despite rising threats of militant Islam and the country's battered economy, one of the Arab world's last Jewish communities is staying put and nurturing a new generation. VOA’s Lisa Bryant reports.

    Video Meet Your New Co-Worker: The Robot

    Increasing numbers of robots are joining the workforce, as companies scale back and more processes become automated. The latest robots are flexible and collaborative, built to work alongside humans as opposed to replacing them. VOA’s Tina Trinh looks at the next generation of automated employees helping out their human colleagues.

    Video Wheelchair Technology in Tune With Times

    Technologies for the disabled, including wheelchair technology, are advancing just as quickly as everything else in the digital age. Two new advances in wheelchairs offer improved control and a more comfortable fit. VOA's George Putic reports.

    Video Baby Boxes Offer Safe Haven for Unwanted Children

    No one knows exactly how many babies are abandoned worldwide each year. The statistic is a difficult one to determine because it is illegal in most places. Therefore unwanted babies are often hidden and left to die. But as Erika Celeste reports from Woodburn, Indiana, a new program hopes to make surrendering infants safer for everyone.

    Video California Celebration Showcases Local Wines, Balloons

    Communities in the U.S. often hold festivals to show what makes them special. In California, for example, farmers near Fresno celebrate their figs and those around Gilmore showcase their garlic. Mike O'Sullivan reports that the wine-producing region of Temecula offers local vintages in an annual festival where rides on hot-air balloons add to the excitement.

    Video US Elementary School Offers Living Science Lessons

    Zero is not a good score on a test at school. But Discovery Elementary is proud of its “net zero” rating. Net zero describes a building in which the amount of energy provided by on-site renewable sources equals the amount of energy the building uses. As Faiza Elmasry tells us, the innovative features in the building turn the school into a teaching tool, where kids can't help but learn about science and sustainability. Faith Lapidus narrates.

    Special Report

    Adrift The Invisible African Diaspora