Jump to content

2016 Kyiv cyberattack

From Wikipedia, the free encyclopedia

A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour.[1][2] The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night.[1]

Attack

[edit]

The attack affected the 330 kilowatt electrical substation "North" at Pivnichna, outside the capital.[1] It happened a year after a previous attack on Ukraine's power grid.[1]

Dragos Security concluded that the attack was not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months.[3] The attackers had tried to cause physical damage to the station when the operators turned the grid back on.[3] The attack used Industroyer malware and has the ability to attack hardware including SIPROTEC protective relays.[3] These protective relays open circuit breakers if they detect dangerous conditions.[3] A security flaw meant that a single packet could put the relays in a state where it would be useless unless manually rebooted.[3] Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it.[3] Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut.[3] Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station.[3] Finally, the attackers tried to disable four of the stations SIPROTEC protective relays, which could not be detected by operators.[3] Dragos concluded that the attackers intended the operators to re-engergise the station equipment, which could have injured engineers and damaged equipment.[3] The data packets intended for the protective relays were sent to the wrong IP address.[3] The operators may also have brought the station back online faster than attackers expected.[3]

Follow-on attack

[edit]

In April 2022, Ukrainian authorities announced that they had prevented a cyberattack that used malware similar to Industroyer.[4]

See also

[edit]

References

[edit]
  1. ^ a b c d "Ukraine power cut 'was cyber-attack'". BBC News. 2017-01-11. Retrieved 2022-07-07.
  2. ^ Polityuk, Pavel; Vukmanovic, Oleg; Jewkes, Stephen (18 January 2017). "Ukraine's power outage was a cyber attack - Ukrenergo". Reuters. Retrieved 23 May 2024.
  3. ^ a b c d e f g h i j k l Greenberg, Andy (2019-09-12). "New Clues Show How Russia's Grid Hackers Aimed for Physical Destruction". Wired. Archived from the original on 2019-09-13. Retrieved 2022-07-07.
  4. ^ Rundle, James; Stupp, Catherine (12 April 2022). "Ukraine Thwarts Cyberattack on Electric Grid, Officials Say". The Wall Street Journal. Retrieved 23 May 2024.