February 27, 2016
A December outage in Ukraine that caused 225,000 customers to lose electricity was the work of hackers, a report prepared by US Department of Homeland Security officials has determined.
The report published Thursday by the DHS Industrial Control Systems Cyber Emergency Response Team largely agrees with analysis provided last month by a member of the SANS industrial control systems team—that the December 23 outage was caused by external hackers. As Ars reported earlier, the unscheduled interruptions are the first confirmed instance of someone using hacking to generate a power outage.
None of the analysis so far has determined the precise role played by “BlackEnergy,” a malware package discovered in 2007 that infected at least three of the substations involved in the outage. While initial research speculated that BlackEnergy and an added data-wiping component called KillDisk may have given attackers access or allowed them to carry out destructive events causing the power to go out, the DHS report holds out the possibility that the two pieces of malware were used only after the outage in an attempt either to destroy evidence or make recovery more difficult.