 | This article needs additional citations for
verification. (November 2023) |
A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour. [1] The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night. [1]
Attack
The attack affected the electrical substation at Pivnichna, outside the capital. [1] It happened a year after a previous attack on Ukraine's power grid. [1]
Dragos Security concluded that the attack was not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months. [2] The attackers had tried to cause physical damage to the station when the operators turned the grid back on. [2] The attack used Industroyer malware and has the ability to attack hardware including SIPROTEC protective relays. [2] These protective relays open circuit breakers if they detect dangerous conditions. [2] A security flaw meant that a single packet could put the relays in a state where it would be useless unless manually rebooted. [2] Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it. [2] Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut. [2] Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station. [2] Finally, the attackers tried to disable four of the stations SIPROTEC protective relays, which could not be detected by operators. [2] Dragos concluded that the attackers intended the operators to re-engergise the station equipment, which could have injured engineers and damaged equipment. [2] The data packets intended for the protective relays were sent to the wrong IP address. [2] The operators may also have brought the station back online faster than attackers expected. [2]
See also
References
| This article needs additional citations for
verification. (November 2023) |
A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour. [1] The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night. [1]
Attack
The attack affected the electrical substation at Pivnichna, outside the capital. [1] It happened a year after a previous attack on Ukraine's power grid. [1]
Dragos Security concluded that the attack was not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months. [2] The attackers had tried to cause physical damage to the station when the operators turned the grid back on. [2] The attack used Industroyer malware and has the ability to attack hardware including SIPROTEC protective relays. [2] These protective relays open circuit breakers if they detect dangerous conditions. [2] A security flaw meant that a single packet could put the relays in a state where it would be useless unless manually rebooted. [2] Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it. [2] Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut. [2] Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station. [2] Finally, the attackers tried to disable four of the stations SIPROTEC protective relays, which could not be detected by operators. [2] Dragos concluded that the attackers intended the operators to re-engergise the station equipment, which could have injured engineers and damaged equipment. [2] The data packets intended for the protective relays were sent to the wrong IP address. [2] The operators may also have brought the station back online faster than attackers expected. [2]