U.S. intelligence officials are examining whether Russia is responsible for using malware to shut down a power grid in Ukraine.
Investigators include staff in the Central Intelligence Agency, the National Security Agency, and the Department of Homeland Security, according to unnamed officials cited by the Daily Beast on Wednesday. The Dec. 23 incident resulted in the loss of power to 700,000 Ukrainian homes for several hours.
Experts have indicated that malware was also used in attacks against U.S. facilities from 2011 to 2014. The original incarnation was dubbed “BlackEnergy” by the State Department, which described it as a “sophisticated malware campaign that … compromised numerous industrial control systems.”
The attack on the U.S. failed to cause significant damage, though it went unnoticed for three years. If the malware that infected the Ukrainian “Prykarpattyaoblenergo” was indeed the reason for the country’s power outage, it would be the first time that a cyberattack against critical infrastructure resulted in the loss of electricity.
That would come as a dark milestone for U.S. officials, who have long said that a successful attack against critical infrastructure represents their worst fear.
Three cybersecurity firms — iSIGHT, ESET, and the SANS Institute — have indicated the attack likely was the cause of the outage. ESET said the malware, called “KillDisk,” was an enhanced version of BlackEnergy.
“The attackers have been using the BlackEnergy backdoor to plant a KillDisk component onto the targeted computers that would render them unbootable,” ESET reported in a Monday blog post.
“The KillDisk variant used in the recent attacks against Ukrainian power distribution companies also contained some additional functionality,” ESET added. “In addition to being able to delete system files to make the system unbootable — functionality typical for such destructive trojans — this particular variant contained code specifically intended to sabotage industrial systems.”
U.S. officials have declined to comment, as has the Russian Embassy. Ukrainian security officials have attributed the attack to the Kremlin.
Russia annexed Ukraine’s Crimea in 2014 and has since backed separatists in the country’s eastern half. In addition to previous cyberattacks against Ukraine, Russia has also targeted the Baltic States, the U.S., the E.U., and NATO.
