The power outage last month in Ukraine that put 80,000 people in the dark was the first electricity failure caused by a computer hack, the U.S. Department of Homeland Security has confirmed. Researchers previously suggested that a strain of malicious software known as BlackEnergy, a favorite of Russian hacking groups, was responsible.
The December 23 outage at the Prykarpattyaoblenergo power plant in western Ukraine was a nightmare scenario come true for cybersecurity researchers who have warned it was a question of when, not if, hackers managed to infiltrate a critical infrastructure facility.
DHS issued an advisory Tuesday confirming initial evidence that BlackEnergy malware first infected the plant’s systems after a successful spearphishing email attack, in which hackers send what appears to be a normal message to a high-value target. Homeland Security and the FBI are among the international investigators still examining the cyberattack.
DHS’s Industrial Control Systems Cyber Emergency Response Team emailed the advisory to Reuters Tuesday, confirming that malware analysis yielded evidence that BlackEnergy 3 was found lurking on Ukrainian networks. It’s the same method of attack that was used against a number of U.S. critical infrastructure targets in 2014, though it’s not clear if any of those incidents led to a similar electricity failure.
The attack has been blamed on Sandworm, a group of Russian government-sponsored hackers that has spent years harassing Ukrainian officials and their allies.
“There is a darkening sky,” former U.S. National Security Director Michael Hayden told the Christian Science Monitor Tuesday of the Ukraine attack. “This is another data point on an arc that we’ve long predicted.”