New study hints at the potential motives behind the 2016 blackout in Ukraine

In December 2016, Russian hackers planted malware usually referred to as "Industroyer" or "Crash Override" in the network of Ukrenergo, Ukraine's national grid operator. At midnight, two days before Christmas, the cybercriminals used the deployed malware to trip every single circuit breaker in a transmission station near Kyiv, Ukraine's capital, resulting in an instant blackout that enveloped most areas of the capital city.

The cyberattack has since raised a series of questions with no definitive answers. First, what were the true motives behind this attack? And second, an even more baffling question: why was malware so powerful that it can instantaneously plunge an entire city into darkness remedied by the plant workers simply flipping the circuit breakers back on an hour after the attack?

Researchers at Dragos, the industrial-control system cybersecurity firm, have released a paper in which they reconstruct the timeline of the 2016 Ukraine blackout in the hope that it will shed some light on these questions. The paper, titled "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack", was produced after the team combed through the malware's code and revisited the network logs of Ukrenergo.

Simply put, Dragos concluded from the evidence that the hackers meant to inflict physical damage of a much greater intensity, which would have extended the blackout to multiple weeks, if not months, and perhaps even put the lives of the plant workers present on-site at risk. If this was the case, the malware that hit Kyiv's power supply would have joined the ranks of only two other pieces of malicious code in the wild, Stuxnet and Triton, which hit Iran and Saudi Arabia, respectively.

The real meat of the argument lies in the details, however.

Joe Slowik, the Dragos analyst who authored the paper, said:

> "While this ended up being a direct disruptive event, the tools deployed and the sequence in which they were used strongly indicate that the attacker was looking to do more than turn the lights off for a few hours. They were trying to create conditions that would cause physical damage to the transmission station that was targeted."

More specifically, the theory given by Joe and Dragos hints at the ha ...
