Movatterモバイル変換

2015 Ukraine power grid hack

From Wikipedia, the free encyclopedia

First registered successful hacking attack on power grid

On December 23, 2015, thepower grid in two western oblasts ofUkraine was hacked, which resulted inpower outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoingRusso-Ukrainian War (2014-present) and is attributed to a Russianadvanced persistent threat group known as "Sandworm".^[1] It is the first publicly acknowledged successful cyberattack on a power grid.^[2]

Description

[edit]

On 23 December 2015, hackers using theBlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Ukrainian:Прикарпаттяобленерго; servicingIvano-Frankivsk Oblast): 30 substations (7 110kv substations and 23 35kv substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.^[3]

At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Ukrainian:Чернівціобленерго; servicingChernivtsi Oblast) and Kyivoblenergo (Ukrainian:Київобленерго; servicingKyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to theRussian Federation.^[4]

Vulnerability

[edit]

In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoingRusso-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.^[5] The Ukrainian power grid was built when it was part of the Soviet Union, has been upgraded with Russian parts and (as of 2022), still not been fixed.^{[clarification needed]} Russian attackers are as familiar with the software as operators. Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).^[6]

Method

[edit]

The cyberattack was complex and consisted of the following steps:^[4]

Prior compromise of corporate networks usingspear-phishing emails withBlackEnergy malware
SeizingSCADA under control, remotely switching substations off
Disabling/destroyingIT infrastructure components (uninterruptible power supplies,modems,RTUs, commutators)
Destruction of files stored on servers and workstations with the KillDisk malware
Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
Emergency power at the utility company’s operations center was switched off.^[6]

In total, up to 73MWh of electricity was not supplied (or 0.015% of daily electricity consumption inUkraine).^[4]

References

[edit]

^Jim Finkle (7 January 2016)."U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters.Archived from the original on 23 June 2017. Retrieved2 July 2017.
^Kostyuk, Nadiya; Zhukov, Yuri M. (2019-02-01)."Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?".Journal of Conflict Resolution.63 (2):317–347.doi:10.1177/0022002717737138.ISSN 0022-0027.S2CID 44364372.Archived from the original on 2022-02-25. Retrieved2022-02-25.
^Zetter, Kim (3 March 2016)."Inside the cunning, unprecedented hack of Ukraine's power grid".Wired. San Francisco, California, USA.ISSN 1059-1028.Archived from the original on 2021-02-08. Retrieved2021-02-08.
^^a ^b ^c"Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж".mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12.Archived from the original on 2016-08-15. Retrieved2016-10-10.
^Overland, Indra (1 March 2019)."The geopolitics of renewable energy: debunking four emerging myths".Energy Research and Social Science.49:36–40.doi:10.1016/j.erss.2018.10.018.hdl:11250/2579292.ISSN 2214-6296.Archived from the original on 2021-08-19. Retrieved2021-02-08.
^^a ^bSanger, David E.; Barnes, Julian E. (2021-12-20)."U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault".The New York Times.ISSN 0362-4331.Archived from the original on 2022-01-16. Retrieved2022-01-17.

External links

[edit]

Adi Nae Gamliel (2017-10-6)"Securing Smart Grid and Advanced Metering Infrastructure".
Andy Greenberg (2017-06-20)."How An Entire Nation Became Russia's Test Lab for Cyberwar". Wired.
Kim Zetter (2016-03-03)."Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.
Kim Zetter (2016-01-20)."Everything We Know About Ukraine's Power Plant Hack". Wired.
John Hulquist (2016-01-07)."Sandworm Team and the Ukrainian Power Authority Attacks".FireEye.
ICS-CERT, [https://www.cisa.gov/uscert/ics/advisories/ICSA-16-336-02)
ICS-CERT,Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)

v t e Russo-Ukrainian war
Background	Dissolution of the Soviet Union Black Sea Fleet dispute Budapest Memorandum 2003 Tuzla Island conflict Orange Revolution 2007 Munich speech of Vladimir Putin Russia–Ukraine gas disputes Euromaidan Revolution of Dignity Putinism Foundations of Geopolitics Ruscism Russian irredentism Russian imperialism
Main events	Annexation of Crimea by the Russian Federation timeline 2014 pro-Russian unrest in Ukraine timeline 2014 Odesa clashes War in Donbas timeline List of Russian units which invaded the territory of Ukraine Wagnergate Prelude to the Russian invasion of Ukraine reactions Russo-Ukrainian war (2022–present) timeline 2022 Russian invasion of Ukraine 2022 Russian annexation referendums destruction of the Kakhovka Dam
Impact and reactions	International sanctions sanctioned people and organisations 2022–2023 Russia–European Union gas dispute Military aid to Ukraine OSCE Special Monitoring Mission to Ukraine Act of 2014 China and the Russian invasion of Ukraine North Korean involvement in the Russo-Ukrainian war (2022–present) Iran and the Russo-Ukrainian war (2022–present) United States and the Russian invasion of Ukraine ICJ case ORDLO ATO International reactions to the war in Donbas Casualties of the Russo-Ukrainian War journalists killed Foreign fighters in the Russo-Ukrainian War 2014 Crimean status referendum Political status of Crimea 2021 Black Sea incident 2021–2023 global supply chain crisis Economic impact of the Russo-Ukrainian war (2022–present) Eurointegration of Ukraine Soviet imagery Lend-Lease (2022) Diplomatic expulsions Russian spies ICC arrest warrant for Vladimir Putin Wagner Group rebellion LGBT people Lukoil oil transit dispute Ukrainian energy crisis 2025 Slovak–Ukraine gas dispute
Cyberwarfare	2015 Ukraine power grid hack 2016 Kyiv cyberattack 2016 Surkov leaks 2017 Ukraine ransomware attacks 2022 Ukraine cyberattacks IT Army of Ukraine 2022 activities of Anonymous against Russia 2024 Ukrainian cyberattacks against Russia
Media	Little green men Social media Media portrayal Disinformation in the 2022 invasion Propaganda in Russia Films
Related	Russia–Ukraine relations Russian language in Ukraine Demolition of monuments to Vladimir Lenin in Ukraine 2014 anti-war protests in Russia 2018 Moscow–Constantinople schism Control of cities Aircraft losses during the Russo-Ukrainian War Ship losses during the Russo-Ukrainian War Moldova and the Russo-Ukrainian War Ukraine and electronic warfare Ukrainian conscription crisis Forced transfer of Ukrainian children to Russia
Category

Ukraine articles

History

Chronology

By topic

Education Corruption Gender inequality Health Abortion HIV/AIDS Swine flu pandemic (2009–10) COVID-19 pandemic Crime andsuicide Human rights Freedom of the press LGBT Human trafficking Languages Minorities Prostitution Religion
Culture	Animation Architecture Kievan Rus' Baroque Art Nouveau Ukrainian khata Wooden churches Arts Icon painting Cinema Crafts Motanka Kosiv ceramics Opishnia ceramics Petrykivka painting Pysanka Rushnyk Cuisine Borscht Wine Dance Dress Kobeniak Kozhukh/Kozhushanka Ochipok Sharovary Vyshyvanka Embroidery Wreath Folklore Kazka Holidays New Year Day of Unity Butter Week Easter Green Week Kupala Night Independence Day Pokrova/Defenders Day Saint Nicholas Day Christmas Malanka Traditional wedding Intangible Cultural Heritage Literature Media Music Bandura Duma/Dumka Kobzar Koliadka Shchedryk Singing Cossack songs Opera Traditional singing Photography Sport
Demographics	Ukrainian people Rus' people Ruthenians Gente Ruthenus, natione Polonus Diaspora Refugees Immigration to Ukraine Censuses Women

Outline

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach HackingTeam Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Groups

Individuals

Majorvulnerabilities
publiclydisclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt Project Sauron
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet