Hackers Downed Ukrainian Energy Network in December, Homeland Security's ICS-CERT Confirms



In late December last year, a large number of Ukrainians were left without electricity due to unscheduled outages at a trio of power companies. It was unclear at the time what brought the power grid down, but the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), together with a number of other authorities, has since confirmed that a cyber attack was responsible.

ICS-CERT has issued an alert on its website covering many details of the attack: "The following account of events is based on the interagency team's interviews with operations and information technology personnel and leadership at six Ukrainian organizations with first-hand experience of the event. Following these discussions and interviews, the team assesses that the cuts experienced on December 23, 2015, were caused by outside cyber-attackers. The team could not independently examine the evidence of the cyber attack techniques; however, a significant number of independent reports from the team's interviews and documentary findings corroborate the facts as follows."

It is unclear how long the affected networks had been targeted, but the alert explains that a trio of power plants were affected and that the cyber-attackers had remote access to internal resources long enough to gain valid credentials, move freely around the network, and jump into and out of the affected systems. The attackers ultimately installed malicious software, including BlackEnergy and KillDisk, which erased data, damaged hard drives, corrupted firmware in vital serial-to-Ethernet devices, and cut power to servers and the backup batteries attached to them.

It is obvious from the data that the attack was well coordinated: "In the cyber attacks, malicious remote operation of the switches was carried out by several external humans using either existing remote management tools at the operating system level or remote industrial control system (ICS) client software through a virtual private network (VPN)." The attacks occurred within 30 minutes.

Many other details are available in the DHS ICS-CERT alert, including information on how to detect a similar attack and protect systems against it.
