IT experts say Ukraine blackout caused by a cyberattack
Kiev claims malware resposible for a computer virus that shut down networks of local electrical grids last month
KIEV — A power failure that plunged parts of western Ukraine into the dark last month was caused by a cyberattack, IT experts said Tuesday, and one source called it a world first.
The blackout, which hit a large part of the western region of Ivano-Frankivsk on December 23, was due to a computer virus, they said.
The local electricity company, Prikarpattiaoblenergo, said at the time that the breakdown was caused by “the intervention of unauthorized persons … in the remote access system” and its technicians had had to restore power manually.
But Ukraine’s SBU security service later said it found malware — programs designed to take over or damage systems — on the networks of several regional electricity companies.
“A virus which we’ve never seen before was detected… It causes damage. The automated systems stopped functioning and computers shut down,” said a Ukrainian source familiar with the incident on condition of anonymity.
A spokeswoman for the Ivano-Frankivsk SBU office Maria Rymar, said the agency was still working on the case.
“For the moment, we can’t say who did it and for what purpose,” she said.
The IT security firm ESET pinned the blame on a program called KillDisk that was introduced onto the electricity company’s computers on an infected Excel spreading document via “phishing” — tempting an employee to open an inocuous-looking file.
The company, which has been monitoring the spread of KillDisk and a companion program, said the virus deleted files in the computer systems, making them inoperable, and also contained code to sabotage industrial systems.
“It was a world first” in bringing down civilian infrastructure, ESET’s French subsidiary said in a statement.
“This attack can only confirm what professionals have been fearing — cyber-criminals are more and more powerful and cyberattacks will be more and more numerous in 2016.”
IT experts have been warning for years about cyber-security in vital civilian infrastructure such as power grids and transport.
Iran’s nuclear refining facilities were hobbled in 2010 by a virus called Stuxnet, which is suspected to have been developed by the United States and Israel.
That was believed to the first virus designed not just to steal information or hijack computers, but to damage equipment.