A cyberattack happened in the Ukrainian capital Kiev just before midnight on 17 December 2016, and lasted for just over an hour.[1][2] The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night.[1]
The attack affected the 330 kilowatt electrical substation "North" at Pivnichna, outside the capital.[1] It happened a year after a previous attack on Ukraine's power grid.[1]
Dragos Security concluded that the attack was intended not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months.[3] The attackers had tried to cause physical damage to the station when the operators turned the grid back on.[3] The attack used Industroyer malware, which has the ability to attack hardware including SIPROTEC protective relays.[3] These protective relays open circuit breakers if they detect dangerous conditions.[3] A security flaw meant that a single packet could put a relay in a state where it would be useless unless manually rebooted.[3] Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it.[3]
Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut.[3] Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station.[3] Finally, the attackers tried to disable four of the station's SIPROTEC protective relays, which could not be detected by operators.[3] Dragos concluded that the attackers intended the operators to re-energise the station equipment, which could have injured engineers and damaged equipment.[3] The data packets intended for the protective relays were sent to the wrong IP address.[3] The operators may also have brought the station back online faster than the attackers expected.[3]
In April 2022, Ukrainian authorities announced that they had prevented a cyberattack that used malware similar to Industroyer.[4]