The Ukrainian power grid has become a prized target for cyber criminals in the country. In December of 2016, the power grid suffered a cyber attack, which left customers all over Ukraine without power for roughly one hour. As it turns out, this is the second time someone has successfully hacked a Ukrainian power facility. A similar incident occurred in December of 2015, which affected close to 230,000 people.
Second Ukrainian Power Facility Hack in Twelve Months
One of the obvious questions would be why these Ukrainian power facilities are connected to the internet to begin with. It is understandable that services such as email require a connection to the outside world, but there is no reason hackers should be able to compromise the plant’s security so easily, especially since there had been another hacking incident twelve months prior.
In this latest attack, hackers breached the security of a transmission facility. Even though its impact was rather limited compared to the 2015 distribution facility hack, the hack highlights a bigger underlying security problem these facilities are dealing with. Disrupting a transmission facility could impact a much wider area, but it appears that was not the end goal of whoever hacked into the system.
According to reports, the attack was aimed at the Pivnichna substation just outside of Kiev. Power was cut a few minutes before midnight on December 17, and the outage took just over one hour to fix. All things considered, most people didn’t even notice the power outage, but it did affect a part of Kiev and its surrounding areas.
Preliminary investigation results indicate the 2016 hack was carried out by the same people who targeted a Ukrainian distribution facility in 2015. That earlier attack was blamed on Russian state-sponsored hackers, although those claims were never backed up with solid evidence. Moreover, the security researchers investigating the matter claim these individuals were responsible for other high-value hacks in Ukraine which affected the commercial and government sectors.
What is rather troublesome is how both of these power grid hacks can be seen as “probing,” rather than as acts of malicious intent. It is possible the hackers are just experimenting with new techniques in Ukraine, before upping their game and attacking different regions. Moreover, it is unclear what their motive or objective is, as there has been no demand for compensation or anything of the sort.
It also appears the hackers deliberately took a “softer” approach to this hack against the transmission facility. By shutting down the remote-terminal units, it was easy to restore power rather quickly. No operator machines were destroyed in the process, and no firmware was overwritten with a malicious client. The full results of this investigation will be released later this year, although it is unclear how long this process may take.