A U.S. research team released a report on Thursday, after investigating the blackout of a sizeable part of the Ukrainian national power grid, saying that the attack was highly sophisticated and well coordinated.
On Dec 23, the first cyber attack to take down such a sizeable part of a power grid occurred, when three regional power distribution companies in Ukraine went down. These companies supply electricity to a very large number of people, and within a span of 30 minutes, over 225,000 people were cut off. Three other organizations running critical Ukrainian infrastructure were also targeted and reportedly taken down, but the impact on them was less severe.
Such an attack had already been predicted by U.S. officials and is a cause of major concern for the country’s security agencies. Most top officials of the NSA (National Security Agency), and Cyber Command chief Adm. Michael Rogers in particular, believe that it is not a matter of if, but when, the U.S. will be targeted by these hackers.
A team of trained U.S. cyber officials was sent to Ukraine to help and to learn from the attack, including the strategies and techniques the hackers used. The team helped piece together the well-planned hack and conducted interviews with affected individuals and Ukrainian officials.
The observations suggest that the hackers first conducted extensive reconnaissance on the networks they wanted to take down. The malware was most likely introduced by ‘spear-phishing’, which uses official-looking but fake emails to harvest the usernames and passwords of facility staff.
Using these credentials, they opened the circuit breakers at the supply grid to cut off the power. After this, the hackers targeted other systems at the companies with a malware known as “KillDisk,” which deleted essential files and rendered the systems unusable. Some organizations also reported finding a malware called “BlackEnergy” on their systems, although no clear link between the two has yet been established.
Further, the hackers also gained access, from inside the network, to the management software of the UPS (Uninterruptible Power Supply) systems and managed to shut those down as well. This interfered with the companies’ power-restoration efforts, since those systems were supposed to keep running even when the main power was cut off.
The blackout disrupted the lives of people in the affected areas. The report gives several preventive measures for preparedness against future disasters like this one. Among these, the report recommends that the systems used to run critical infrastructure be isolated from the internet as far as possible, to prevent remote access.