An investigation into a power outage that left customers in Ukraine without electricity for an hour last month has concluded that the cause was indeed a cyberattack, Motherboard reports citing its sources.
This would be the second such known hack of a Ukrainian power facility following a massive December 2015 power outage affecting about 230,000 people, which was later blamed on the Russian government.
The more recent attack occurred at a transmission facility, as opposed to the 2015 attack that affected a distribution facility, and was not as far-reaching (although it could have been much worse—as disruptions to a transmission facility could impact a wider area than distribution facilities). But taken together, the implications of both attacks and a series of other breaches around Ukraine suggest that someone, or various individuals, may be using the country as a testbed for refining attacks on critical infrastructure that could be used across the world.
The attack last month, which occurred almost exactly one year after the previous outage, struck the Pivnichna substation outside the capital city Kyiv, and cut power a few minutes before midnight local time December 17, leaving customers in part of Kyiv and a surrounding area in the dark on a Saturday night. The outage lasted only an hour, and power was restored a little after 1 am.
Ukrainian security researchers involved in the investigation say they believe the attack was conducted by the same hackers who cut power in Ukraine a year ago. They also believe the attackers may be responsible for a series of other attacks that have struck other high-value Ukrainian targets in the commercial and government sectors, including the national railway system and the Ministry of Finance, which were hit around the same time.
Ukraine’s intelligence service attributed the 2015 attack to Russia, without providing any evidence to support the claim. No one has publicly attributed this latest attack to Russia or anyone else.
UkrEnergo, the national power company that oversees the Pivnichna substation and others, told customers after this last outage that it was unclear if it was the result of hackers or equipment failure, but the researchers say there is now no question it was the result of an intrusion.