 | This article needs additional citations for verification .(November 2023) |
A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour. [1] [2] The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night. [1]
The attack affected the 330 kilowatt electrical substation "North" at Pivnichna, outside the capital. [1] It happened a year after a previous attack on Ukraine's power grid. [1]
Dragos Security concluded that the attack was not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months. [3] The attackers had tried to cause physical damage to the station when the operators turned the grid back on. [3] The attack used Industroyer malware and has the ability to attack hardware including SIPROTEC protective relays. [3] These protective relays open circuit breakers if they detect dangerous conditions. [3] A security flaw meant that a single packet could put the relays in a state where it would be useless unless manually rebooted. [3] Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it. [3] Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut. [3] Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station. [3] Finally, the attackers tried to disable four of the stations SIPROTEC protective relays, which could not be detected by operators. [3] Dragos concluded that the attackers intended the operators to re-engergise the station equipment, which could have injured engineers and damaged equipment. [3] The data packets intended for the protective relays were sent to the wrong IP address. [3] The operators may also have brought the station back online faster than attackers expected. [3]
In April 2022, Ukrainian authorities announced that they had prevented a cyberattack that used malware similar to Industroyer. [4]
ESET, s.r.o., is a software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide. Its software is localized into more than 30 languages.
Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.
Power system protection is a branch of electrical power engineering that deals with the protection of electrical power systems from faults through the disconnection of faulted parts from the rest of the electrical network. The objective of a protection scheme is to keep the power system stable by isolating only the components that are under fault, whilst leaving as much of the network as possible in operation. The devices that are used to protect the power systems from faults are called protection devices.
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."
In computer security, a wiper is a class of malware intended to erase the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack.
Idaho National Laboratory ran the Aurora Generator Test in 2007 to demonstrate how a cyberattack could destroy physical components of the electric grid. The experiment used a computer program to rapidly open and close a diesel generator's circuit breakers out of phase from the rest of the grid, thereby subjecting the engine to abnormal torques and ultimately causing it to explode. This vulnerability is referred to as the Aurora Vulnerability.
Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.
On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm". It is the first publicly acknowledged successful cyberattack on a power grid.
Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.
A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. On 28 June 2017, the Ukrainian government stated that the attack was halted. On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.
Industroyer is a malware framework considered to have been used in the cyberattack on Ukraine’s power grid on December 17, 2016. The attack cut a fifth of Kyiv, the capital, off power for one hour and is considered to have been a large-scale test. The Kyiv incident was the second cyberattack on Ukraine's power grid in two years. The first attack occurred on December 23, 2015. Industroyer is the first ever known malware specifically designed to attack electrical grids. At the same time, it is the fourth malware publicly revealed to target industrial control systems, after Stuxnet, Havex, and BlackEnergy.
Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017. It can disable safety instrumented systems, which can then contribute to a plant disaster. It has been called "the world's most murderous malware."
Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.
Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.
During the prelude to the Russian invasion of Ukraine and the Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.
The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.
Pipedream is a software framework for malicious code targeting programmable logic controllers (PLCs) and industrial control systems (ICS). First publicly disclosed in 2022, it has been described as a "Swiss Army knife" for hacking. It is believed to have been developed by state-level Advanced Persistent Threat actors.
Electrical grid security in the United States involves the physical and cybersecurity of the United States electrical grid. The smart grid allows energy customers and energy providers to more efficiently manage and generate electricity. Similar to other new technologies, the smart grid also introduces new security concerns.