Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Description 2 Vulnerability 3 Method 4 See also 5 References 6 Further reading 7 External links

2015 Ukraine power grid hack

●Deutsch ●فارسی ●Français ●Oʻzbekcha / ўзбекча ●தமிழ் ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".^[1] It is the first publicly acknowledged successful cyberattack on a power grid.^[2]

Description[edit]

On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. Most affected were consumers of Prykarpattyaoblenergo (Ukrainian: Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations (7 110kv substations and 23 35kv substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.^[3]

At the same time, consumers of two other energy distribution companies, Chernivtsioblenergo (Ukrainian: Чернівціобленерго; servicing Chernivtsi Oblast) and Kyivoblenergo (Ukrainian: Київобленерго; servicing Kyiv Oblast) were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.^[4]

Vulnerability[edit]

In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.^[5] The Ukrainian power grid was built when it was part of the Soviet Union, has been upgraded with Russian parts and (as of 2022), still not been fixed.^{[clarification needed]} Russian attackers are as familiar with the software as operators. Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).^[6]

Method[edit]

The cyberattack was complex and consisted of the following steps:^[4]

Prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware
Seizing SCADA under control, remotely switching substations off
Disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
Destruction of files stored on servers and workstations with the KillDisk malware
Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout.
Emergency power at the utility company’s operations center was switched off.^[6]

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).^[4]

References[edit]

^ Jim Finkle (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters. Archived from the original on 23 June 2017. Retrieved 2 July 2017.

^ Kostyuk, Nadiya; Zhukov, Yuri M. (2019-02-01). "Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?". Journal of Conflict Resolution. 63 (2): 317–347. doi:10.1177/0022002717737138. ISSN 0022-0027. S2CID 44364372. Archived from the original on 2022-02-25. Retrieved 2022-02-25.

^ Zetter, Kim (3 March 2016). "Inside the cunning, unprecedented hack of Ukraine's power grid". Wired. San Francisco, California, USA. ISSN 1059-1028. Archived from the original on 2021-02-08. Retrieved 2021-02-08.

^ ^a ^b ^c "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". mpe.kmu.gov.ua. Міністерство енергетики та вугільної промисловості України. 2016-02-12. Archived from the original on 2016-08-15. Retrieved 2016-10-10.

^ Overland, Indra (1 March 2019). "The geopolitics of renewable energy: debunking four emerging myths". Energy Research and Social Science. 49: 36–40. doi:10.1016/j.erss.2018.10.018. hdl:11250/2579292. ISSN 2214-6296. Archived from the original on 2021-08-19. Retrieved 2021-02-08.

^ ^a ^b Sanger, David E.; Barnes, Julian E. (2021-12-20). "U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-16. Retrieved 2022-01-17.

External links[edit]

Adi Nae Gamliel (2017-10-6) "Securing Smart Grid and Advanced Metering Infrastructure".
Andy Greenberg (2017-06-20). "How An Entire Nation Became Russia's Test Lab for Cyberwar". Wired.
Kim Zetter (2016-03-03). "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid". Wired.
Kim Zetter (2016-01-20). "Everything We Know About Ukraine's Power Plant Hack". Wired.
John Hulquist (2016-01-07). "Sandworm Team and the Ukrainian Power Authority Attacks". FireEye.
ICS-CERT, [https://www.cisa.gov/uscert/ics/advisories/ICSA-16-336-02)
ICS-CERT, Cyber-Attack Against Ukrainian Critical Infrastructure (IR-ALERT-H-16-056-01)

v t e Russo-Ukrainian War
Background	Dissolution of the Soviet Union Budapest Memorandum 2003 Tuzla Island conflict Orange Revolution 2007 Munich speech of Vladimir Putin Russia–Ukraine gas disputes Euromaidan Revolution of Dignity Putinism Foundations of Geopolitics Novorossiya Ruscism Russian irredentism Russian imperialism
Main events	Annexation of Crimea by the Russian Federation timeline 2014 pro-Russian unrest in Ukraine Historical background timeline 2014 Odesa clashes War in Donbas timeline List of Russian units which invaded the territory of Ukraine Kerch Strait incident Wagnergate Prelude to the Russian invasion of Ukraine reactions Russian invasion of Ukraine timeline 2022 Russian annexation referendums 2023 Belgorod Oblast incursions destruction of the Kakhovka Dam
Impact and reactions	International sanctions sanctioned people and organisations 2022–2023 Russia–European Union gas dispute Military aid to Ukraine OSCE Special Monitoring Mission to Ukraine Act of 2014 China and the Russian invasion of Ukraine Iran and the Russian invasion of Ukraine United States and the Russian invasion of Ukraine ICJ case ORDLO ATO International reactions to the war in Donbas Casualties of the Russo-Ukrainian War journalists killed Foreign fighters in the Russo-Ukrainian War 2014 Crimean status referendum Political status of Crimea 2021 Black Sea incident 2021–2023 global supply chain crisis Economic impact of the Russian invasion of Ukraine Eurointegration of Ukraine Soviet imagery Lend-Lease (2022) Diplomatic expulsions Russian spies ICC arrest warrant for Vladimir Putin Wagner Group rebellion LGBT people
Cyberwarfare	2015 Ukraine power grid hack 2016 Kyiv cyberattack 2016 Surkov leaks 2017 Ukraine ransomware attacks 2022 Ukraine cyberattacks IT Army of Ukraine 2022 activities of Anonymous against Russia
Media	Little green men Social media Media portrayal Disinformation in the 2022 invasion Propaganda in Russia Films
Related	Russia–Ukraine relations Russian language in Ukraine Demolition of monuments to Vladimir Lenin in Ukraine 2014 anti-war protests in Russia Ruscism 2018 Moscow–Constantinople schism Control of cities Aircraft losses during the Russo-Ukrainian War Ship losses during the Russo-Ukrainian War Moldova and the Russo-Ukrainian War Ukrainian conscription crisis Forced transfer of Ukrainian children to Russia
Category

Ukraine articles

History

Chronology

By topic

Education
Corruption
Gender inequality
Health
- Abortion
- HIV/AIDS
- Swine flu pandemic (2009-10)
- COVID-19 pandemic and Delta cron hybrid variant (2020-22)
- Murder and suicide problems
Human rights
- Freedom of the press
- LGBT
Human trafficking
Languages
Minorities
Prostitution
Religion

Culture

Animation
Architecture
- Kievan Rus'
- Baroque
Arts
Cinema
Cuisine
- Wine
Cultural icons
- Bandura
- Borscht
- Kazka
- Kobzar
- Pysanka
- Rushnyk
- Vyshyvanka
Dance
Folklore
Holidays
Intangible Cultural Heritage
Literature
Media
Music
Opera
Sport

Demographics

Outline

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach Hacking Team Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Vault7 data breach Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Advanced
persistent threats

Individuals

Major vulnerabilities
publicly disclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=2015_Ukraine_power_grid_hack&oldid=1230691390" Categories: ●Cyberattacks on energy sector ●2015 in Ukraine ●Russo-Ukrainian War ●Power outages ●December 2015 crimes in Europe ●December 2015 events in Ukraine ●Hacking in the 2010s ●Russian–Ukrainian cyberwarfare Hidden categories: ●Articles with short description ●Short description matches Wikidata ●Articles containing Ukrainian-language text ●Wikipedia articles needing clarification from December 2022 ●This page was last edited on 24 June 2024, at 04:36 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view

Contents