2015 Ukraine power grid hack

Last updated March 03, 2025

On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".^[1] It is the first publicly acknowledged successful cyberattack on a power grid.^[2]

Description

On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Ukrainian : Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations (7 110kv substations and 23 35kv substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.^[3]

At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Ukrainian : Чернівціобленерго; servicing Chernivtsi Oblast) and Kyivoblenergo (Ukrainian : Київобленерго; servicing Kyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.^[4]

Vulnerability

In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.^[5] The Ukrainian power grid was built when it was part of the Soviet Union, has been upgraded with Russian parts and (as of 2022), still not been fixed.^{[ clarification needed ]} Russian attackers are as familiar with the software as operators. Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).^[6]

Method

The cyberattack was complex and consisted of the following steps:^[4]

Prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware
Seizing SCADA under control, remotely switching substations off
Disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
Destruction of files stored on servers and workstations with the KillDisk malware
Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
Emergency power at the utility company’s operations center was switched off.^[6]

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).^[4]

References

↑ Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.
↑ Kostyuk, Nadiya; Zhukov, Yuri M. (2019-02-01). "Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?". Journal of Conflict Resolution. 63 (2): 317–347. doi:10.1177/0022002717737138. ISSN 0022-0027. S2CID 44364372. Archived from the original on 2022-02-25. Retrieved 2022-02-25.
↑ Zetter, Kim (3 March 2016). "Inside the cunning, unprecedented hack of Ukraine's power grid". Wired . San Francisco, California, USA. ISSN 1059-1028. Archived from the original on 2021-02-08. Retrieved 2021-02-08.
1 2 3 "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.
↑ Overland, Indra (1 March 2019). "The geopolitics of renewable energy: debunking four emerging myths". Energy Research and Social Science . 49: 36–40. doi: 10.1016/j.erss.2018.10.018 . hdl: 11250/2579292 . ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.
1 2 Sanger, David E.; Barnes, Julian E. (2021-12-20). "U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-16. Retrieved 2022-01-17.

External links

Adi Nae Gamliel (2017-10-6) "Securing Smart Grid and Advanced Metering Infrastructure".
Andy Greenberg (2017-06-20). "How An Entire Nation Became Russia's Test Lab for Cyberwar". Wired.
Kim Zetter (2016-03-03). "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.
Kim Zetter (2016-01-20). "Everything We Know About Ukraine's Power Plant Hack". Wired.
John Hulquist (2016-01-07). "Sandworm Team and the Ukrainian Power Authority Attacks". FireEye.
ICS-CERT, [https://www.cisa.gov/uscert/ics/advisories/ICSA-16-336-02)
ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.

[2] Kostyuk, Nadiya; Zhukov, Yuri M. (2019-02-01). "Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?". Journal of Conflict Resolution. 63 (2): 317–347. doi:10.1177/0022002717737138. ISSN 0022-0027. S2CID 44364372. Archived from the original on 2022-02-25. Retrieved 2022-02-25.

[ty-3] Zetter, Kim (3 March 2016). "Inside the cunning, unprecedented hack of Ukraine's power grid". Wired . San Francisco, California, USA. ISSN 1059-1028. Archived from the original on 2021-02-08. Retrieved 2021-02-08.

[mpe.12-4] 1 2 3 "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.

[overland-2019-5] Overland, Indra (1 March 2019). "The geopolitics of renewable energy: debunking four emerging myths". Energy Research and Social Science . 49: 36–40. doi: 10.1016/j.erss.2018.10.018 . hdl: 11250/2579292 . ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.

[nyt-6] 1 2 Sanger, David E.; Barnes, Julian E. (2021-12-20). "U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-16. Retrieved 2022-01-17.

[1]

[2]

[3]

[4]

[5]

[6]

v t e Russo-Ukrainian War
Background	Dissolution of the Soviet Union Black Sea Fleet dispute Budapest Memorandum 2003 Tuzla Island conflict Orange Revolution 2007 Munich speech of Vladimir Putin Russia–Ukraine gas disputes Euromaidan Revolution of Dignity Putinism Foundations of Geopolitics Ruscism Russian irredentism Russian imperialism
Main events	Annexation of Crimea by the Russian Federation timeline 2014 pro-Russian unrest in Ukraine timeline 2014 Odesa clashes War in Donbas timeline List of Russian units which invaded the territory of Ukraine Kerch Strait incident Wagnergate Prelude to the Russian invasion of Ukraine reactions Russian invasion of Ukraine timeline 2022 Russian annexation referendums 2023 Belgorod Oblast incursions destruction of the Kakhovka Dam
Impact and reactions	International sanctions sanctioned people and organisations 2022–2023 Russia–European Union gas dispute Military aid to Ukraine OSCE Special Monitoring Mission to Ukraine Act of 2014 China and the Russian invasion of Ukraine North Korea and the Russian invasion of Ukraine Iran and the Russian invasion of Ukraine United States and the Russian invasion of Ukraine ICJ case ORDLO ATO International reactions to the war in Donbas Casualties of the Russo-Ukrainian War journalists killed Foreign fighters in the Russo-Ukrainian War 2014 Crimean status referendum Political status of Crimea 2021 Black Sea incident 2021–2023 global supply chain crisis Economic impact of the Russian invasion of Ukraine Eurointegration of Ukraine Soviet imagery Lend-Lease (2022) Diplomatic expulsions Russian spies ICC arrest warrant for Vladimir Putin Wagner Group rebellion LGBT people Lukoil oil transit dispute Ukrainian energy crisis
Cyberwarfare	2015 Ukraine power grid hack 2016 Kyiv cyberattack 2016 Surkov leaks 2017 Ukraine ransomware attacks 2022 Ukraine cyberattacks IT Army of Ukraine 2022 activities of Anonymous against Russia 2024 Ukrainian cyberattacks against Russia
Media	Little green men Social media Media portrayal Disinformation in the 2022 invasion Propaganda in Russia Films
Related	Russia–Ukraine relations Russian language in Ukraine Demolition of monuments to Vladimir Lenin in Ukraine 2014 anti-war protests in Russia Ruscism 2018 Moscow–Constantinople schism Control of cities Aircraft losses during the Russo-Ukrainian War Ship losses during the Russo-Ukrainian War Moldova and the Russo-Ukrainian War Ukraine and electronic warfare Ukrainian conscription crisis Forced transfer of Ukrainian children to Russia
Category

2015 Ukraine power grid hack

Contents

Description

Vulnerability

Method

See also

References

Further reading

External links