Jan 4, 2016 - A central European security software firm
said on Monday that a cyber attack last month in Ukraine was
broader than initially reported last week when the nation's
secret police blamed a power outage on Russia.
Western Ukraine power company Prykarpattyaoblenergo reported
an outage on Dec. 23, saying the area affected included regional
capital Ivano-Frankivsk. Ukraine's SBU state security service
responded by blaming Russia, and the energy ministry in Kiev set
up a commission to investigate the matter.
While Prykarpattyaoblenergo was the only Ukraine electric
firm that reported an outage, similar malware was found in the
networks of at least two other utilities, said Robert Lipovsky,
senior malware researcher at Bratislava-based security company
ESET. He said they were ESET customers, but declined to name
them or elaborate.
"The reported case was not an isolated incident," he said.
Prykarpattyaoblenergo publicly blamed its outage on
"interference" in the working of its system. The Kremlin did not
respond to a request for comment.
Researchers with computer security firms Trend Micro and
iSight Partners said ESET's assessment that the attackers sought
to infect other utilities appeared credible, shedding new light
on evidence that this is the first power outage proven to have
been caused by a cyber attack. Experts have warned for years,
with growing urgency, that electric utilities are vulnerable to
cyber attacks that could cut power.
"This is the first time we have proof and can tie malware to
a particular outage," said Trend Micro senior researcher Kyle
Wilhoit. "It is pretty scary."
Cyber firm iSight Partners said that ESET's report of
multiple attacks is consistent with its own analysis.
"There is pretty strong consensus that there was a blackout
caused by a computer network attack," said iSight's director of
cyber espionage analysis, John Hultquist.
Experts with ESET, iSight and Trend Micro told Reuters the
attackers used a malicious software platform known as
"BlackEnergy" to access utility networks, planting a related
piece of malware, "KillDisk," on targeted systems.
KillDisk can delete or overwrite data files.
Researchers say they have yet to determine whether
KillDisk's job was to knock out power or simply conceal the
attack.
Cyber criminals have been using versions of BlackEnergy
since 2007. Over the past two years, there have been widespread
reports that a Moscow-backed group, Sandworm, was using it for
targeted attacks.
