Written by: Daniel Jennings
A widely feared nightmare scenario has finally occurred, although in another country: hackers were able to cause a widespread power failure in Ukraine by infecting utilities’ computers with malware.
It is the first time a cyberattack has caused a widespread blackout anywhere in the world.
Half of the homes in the Ivano-Frankivsk region of Ukraine lost electricity because of a malicious software program called Black Energy.
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before — oil firms, for instance — but never the event which causes the blackout,” John Hultquist of the cybersecurity firm iSIGHT told Ars Technica. “It’s the major scenario we’ve all been concerned about for so long.”
Ukrainians lost power Dec. 23 after computers at three different utilities were infected with Black Energy. The program caused the blackout by somehow disconnecting a number of substations from the grid.
“This is the first time we have proof and can tie malware to a particular outage,” Trend Micro senior researcher Kyle Wilhoit told Reuters. “It is pretty scary.”
Experts at iSIGHT and antivirus company ESET identified an updated version of Black Energy, malware that has been around since 2007, as the cause of the blackout. The researchers said Black Energy apparently contains an updated component called KillDisk that can shut down industrial control systems.
KillDisk is a Trojan that embeds itself inside computer-controlled equipment. Once there, it can either serve as a gateway to let hackers take control of the system or insert malicious code that sabotages the equipment. Some versions of KillDisk have the ability to destroy hard drives and other computer components.
Black Energy has been used against various targets in Ukraine, including media outlets, for about a year, Ars Technica reported. Black Energy is a particularly terrifying weapon because it enters systems through infected Microsoft Office documents.
The Sandworm Gang
Cybersecurity experts think a mysterious group of hackers that iSIGHT has dubbed the Sandworm Gang is behind Black Energy. Nobody knows where the Sandworm Gang is located, but iSIGHT suspects that they are Russians or have ties to the Russian government.
This is not the first time that hackers have infected a utility. In 2012, someone infected Saudi Arabia’s largest natural gas producer with malware.
Experts including Ted Koppel think it is only a matter of time before something like Black Energy targets America’s power grid. Koppel says such a cyberattack could knock out the US and Canadian power grids for weeks or months and lead to mass starvation in North America.