Investigators are heavily under the impression that the same group of hackers who were held responsible for the power outages stretching over several regions of Ukraine last Christmas, may now be back, after the power grid was shut down once again. This time the hackers have shut down the power supply reaching the northern Ukraine over the Christmas weekend.
According to Ukrenergo, a Ukrainian energy provider, a cyber attack that hit the Keiv’s power grid is likely to be the cause of the power outages. This massive blackout impacted the country’s capital, Keiv, as well as surrounding areas. The Ukrenergo director, Vsevolod Kovalchuk explained the outage on a Facebook post.
Moments after this incident happened, the Ukrenergo engineers had to switch the system into manual mode and then start the process of turning the power grid back on. Thankfully, the power was fully restored after an hour and fifteen-minute blackout across Ukraine.
Kovalchuk stated that the one in which is held responsible for this massive weekend-long outage can be an “external interference through data network.” However, the Ukrenergo’s cybersecurity experts are still investigating the incident and will provide more information about the attack in future reports.
While the reasoning behind the power outage is still unknown, the local authorities believe that this unexpected blackout may be the latest in a series of cyber attacks that included Ukrainian financial institutions.
Back in 2015, the Ukrainian energy blackouts had been caused via malware attacks, well known as BlackEnergy. This malware was distributed by means of boobytrapped word documents, ultimately leading to the recipients tricked into enabling the macros to self-activate and start the malicious payload.
It was in 2015 in which the Ukraine state security service SBU had blamed the Russians for the massive outages – implying they planted the malware on networks throughout several different energy companies. On another note, the United States cyber firm, iSight Partners, identified the perpetrators as a Russian group of hackers called Sandworm.
While the security experts working this case have not found any strong evidence to link the recent attacks to the Russian hackers, they do believe that these cyber-attacks appear to be from a “nation state with significant resources.”