US security agencies investigating blackout caused by hackers in Ukraine
07 Jan 2016
Malicious software found on the networks of a power company in western Ukraine is under investigation by the Central Intelligence Agency, the National Security Agency, and the Homeland Security Department for causing "interference" in its systems, according to the Daily Beast and Washington Examiner.
The attack in Ukraine could spell trouble for the US power grid, as the malicious software known as BlackEnergy, found on the networks of the Ukrainian power company, Prykarpattyaoblenergo, was also used in a campaign targeting power facilities in the US in 2014.
Though no damage was suffered in the 2014 attacks, it set off alarm bells among US security and intelligence agencies.
US utility watchdogs, including the North American Electric Reliability Council, had warned US power companies to be on the alert and review their network defences after the successful Ukraine attack.
Russia had been publicly blamed by Ukrainian officials, but Russian involvement had not been confirmed separately. A Moscow-backed group, Sandworm, had been suspected of using BlackEnergy for targeted attacks in the past.
Confirmation that Russia was behind the Ukraine attack would put pressure on US president Barack Obama to publicly blame the involved party, as he did when he identified North Korea as the culprit in a cyberattack on Sony Pictures Entertainment in 2014.
Obama later imposed sanctions on North Korea and ordered a counter cyber-attack on its web system.
"This is the first incident we know of where an attack caused a blackout," said John Hultquist, head of iSight Partners' cyberespionage intelligence practice.
"It's always been the scenario we've been worried about for years because it has ramifications across broad sectors," The Washington Post reported.
The attack caused a power outage which affected half the homes in Ukraine's Ivano-Frankivsk region on December 23rd, according to a local report.
Researchers at iSight said on Monday that their analysis of malware found on the systems of at least three regional electrical operators suggested that the outage had been caused by a "destructive" cyber-attack.