Ukraine Power Outages Caused By Malware, Say Researchers

On December 23, a large swathe of Ukraine suffered a massive power outage. This week, it has come to light that it could have been the result of destructive malware.

In a blog post, a team from security researchers iSIGHT explains that the attack seems to have used a piece of malware called BlackEnergy which can be used to “plant a KillDisk component onto the targeted computers that would render them unbootable”. It seems such attacks were levelled at three regional power authorities in Ukraine, leaving half of homes in the Ivano-Frankivsk region of Ukraine without electricity.

The malware appears to be spread using Microsoft Office files that contain malicious macros. Hackers simply send out emails with such files attached, in this case using email addresses spoofed to appear as if they were sent from the national parliament. The text in the message encourages the recipient to run the macros in the file, which in turn installs a version of BlackEnergy on the computer.

From there, the system can install KillDisk malware or make use of an SSH backdoor to provide attackers with remote access. “After having successfully infiltrated a critical system with either of these trojans, an attacker would, again theoretically, be perfectly capable of shutting it down,” write the researchers. “We can assume with a fairly high amount of certainty that the described toolset was used to cause the power outage in the Ivano-Frankivsk region.”

If these claims are true, it’s fairly worrying that it’s possible to bring about power outages using malicious Microsoft Office files.

[We Live Security via Ars Technica]

Image by Nick Page under Creative Commons licence

