Russian Hackers Behind Ukraine Power Outage May Have Sought More Damage
The Russia-linked hackers who triggered a power outage in Ukraine back in 2016 may have hoped to cause much more damage, according to a report published recently by U.S.-based industrial cybersecurity firm Dragos. The threat group, which Dragos tracks as Electrum, used a piece of malware known as both Crashoverride and Industroyer to target industrial control systems (ICS) at a power station in Ukraine. The cyberattack resulted in power outages in the Kiev region in mid-December 2016, but power was restored after just over an hour, making the attack less severe than the one launched against Ukraine’s grid one year earlier, when power outages lasted for up to 6 hours.
Dragos researcher Joe Slowik has reassessed the 2016 attack involving Crashoverride, and he believes that the attackers were actually hoping to cause more widespread outages and trigger a destructive event. It was already known that the malware included a module designed to let attackers control circuit breakers and disrupt power by manipulating remote terminal units (RTUs), and a wiper module whose goal was to make recovery more difficult by deleting configuration and other files. During their initial analysis, researchers also uncovered a tool designed to exploit a known vulnerability in Siemens SIPROTEC protection relays (CVE-2015-5374) to force the devices into a denial-of-service (DoS) condition.