Ukraine: Russian fingerprints all over power grid hack

The cyberattack that took out a portion of Ukraine’s power grid was launched using a Russian-based Internet provider by hackers making phone calls from inside Russia, Ukraine’s energy minister said on Friday, Reuters reported.

Officials were revealing the findings of a two-month investigation into the digital hit, which wiped out power in late December for tens of thousands of people in central and western Ukraine. 

It’s thought to be the first blackout caused by hackers.

The Ukraine government stopped just short of blaming Moscow for orchestrating the attack, despite widespread suspicion that Russian authorities were behind the incident.

{mosads}Russia and Ukraine have been sparring since Moscow annexed the Crimea peninsula in March 2014 amid pro-Russia separatist violence.

According to officials, the hackers targeted three power distribution companies. After shutting down customers’ electricity, the digital assailants used a distributed denial-of-service attack to overwhelm the call centers with fake phone calls to stop the outages from being reported.

“According to one of the power companies, the connection by the attackers to its IT network occurred from a subnetwork … belonging to an [Internet service] provider in the Russian Federation,” Ukraine’s energy minister said in a statement.

Deputy Energy Minister Oleksander Svetelyk told Reuters the hackers spent half a year preparing for the assault.

“The attack on our systems took at least six months to prepare — we have found evidence that they started collecting information no less than six months before the attack,” Svetelyk said.

The attack was also part of a broader digital assault that also targeted a mining company and railway operator in the country, according to researchers security firm TrendMicro.

The firm on Thursday released new findings showing that the malware family suspected to be responsible for the blackout, BlackEnergy, “has evolved from being just an energy sector problem.”

And the coordination would appear to indicate government backing, TrendMicro said in a blog post.

“While the motivation for the said attacks has been the subject of heavy speculation, these appear to be aimed at crippling Ukrainian public and critical infrastructure in what could only be a politically motivated strike.”

The novel nature of the incident has unnerved governments and critical infrastructure companies worldwide.

The Department of Homeland Security assisted the Ukrainian government in its investigation and issued a warning to U.S. electrical companies about cyber vulnerabilities.

Security experts have long warned that many U.S. energy companies are relying on weak and underfunded cyber defenses, leaving the power grid exposed to hackers in the meantime.