As many as 80,000 residents in western Ukraine lost power for six hours on Dec. 23. Cybersecurity firms SANS ICS and iSight Partners have attributed the blackout to Russian hacking group Sandworm and its malicious software, BlackEnergy 3.
Cyberattacks on power grids and other critical infrastructure are not new, but this most recent attack seems to be the first use of cyber as a weapon with kinetic effects during an ongoing conflict, highlighting the growing importance of cybersecurity.
While an analysis of the cyberattack is ongoing, BlackEnergy has a history of targeting information control systems.
For the Prikarpattiaoblenergo electric company in Ukraine, the malware and its subcomponent KillDisk shut down computer operating systems, which in turn ended up shutting down the local electrical grid. Hackers also sought to make it impossible for customers to report electrical issues to the electric company by blocking out the company’s phone system.
There may be other businesses that have been affected by BlackEnergy 3, as certain malware can have cascading effects. Luckily, the reported effects of the cyberattack have so far been relatively short-term.
