2016 Kyiv cyberattack

A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour.^[1]^[2] The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night.^[1]

Attack

The attack affected the 330 kilowatt electrical substation "North" at Pivnichna, outside the capital.^[1] It happened a year after a previous attack on Ukraine's power grid.^[1]

Dragos Security concluded that the attack was not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months.^[3] The attackers had tried to cause physical damage to the station when the operators turned the grid back on.^[3] The attack used Industroyer malware and has the ability to attack hardware including SIPROTEC protective relays.^[3] These protective relays open circuit breakers if they detect dangerous conditions.^[3] A security flaw meant that a single packet could put the relays in a state where it would be useless unless manually rebooted.^[3] Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it.^[3] Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut.^[3] Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station.^[3] Finally, the attackers tried to disable four of the stations SIPROTEC protective relays, which could not be detected by operators.^[3] Dragos concluded that the attackers intended the operators to re-engergise the station equipment, which could have injured engineers and damaged equipment.^[3] The data packets intended for the protective relays were sent to the wrong IP address.^[3] The operators may also have brought the station back online faster than attackers expected.^[3]

Follow-on attack

In April 2022, Ukrainian authorities announced that they had prevented a cyberattack that used malware similar to Industroyer.^[4]

References

^ ^a ^b ^c ^d "Ukraine power cut 'was cyber-attack'". BBC News. 2017-01-11. Retrieved 2022-07-07.
^ Polityuk, Pavel; Vukmanovic, Oleg; Jewkes, Stephen (18 January 2017). "Ukraine's power outage was a cyber attack - Ukrenergo". Reuters. Retrieved 23 May 2024.
^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ ^j ^k ^l Greenberg, Andy (2019-09-12). "New Clues Show How Russia's Grid Hackers Aimed for Physical Destruction". Wired. Archived from the original on 2019-09-13. Retrieved 2022-07-07.
^ Rundle, James; Stupp, Catherine (12 April 2022). "Ukraine Thwarts Cyberattack on Electric Grid, Officials Say". The Wall Street Journal. Retrieved 23 May 2024.

[bbc-ukraine-power-cut-was-cyberattack-1] "Ukraine power cut 'was cyber-attack'". BBC News. 2017-01-11. Retrieved 2022-07-07.

[2] Polityuk, Pavel; Vukmanovic, Oleg; Jewkes, Stephen (18 January 2017). "Ukraine's power outage was a cyber attack - Ukrenergo". Reuters. Retrieved 23 May 2024.

[wired-new-clues-3] ^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ ^j ^k ^l Greenberg, Andy (2019-09-12). "New Clues Show How Russia's Grid Hackers Aimed for Physical Destruction". Wired. Archived from the original on 2019-09-13. Retrieved 2022-07-07.

[4] Rundle, James; Stupp, Catherine (12 April 2022). "Ukraine Thwarts Cyberattack on Electric Grid, Officials Say". The Wall Street Journal. Retrieved 23 May 2024.

[1]

[2]

[3]

[4]

2016 Kyiv cyberattack

2016 Kyiv cyberattack

2016 Kyiv cyberattack

Add your contribution

Hub overview

Root Wikipedia Article

2016 Kyiv cyberattack

Attack

Follow-on attack

See also

References