Friday, September 13, 2019

"New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction" in Ukraine

Wired:

the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine's national grid operator, Ukrenergo. Just before midnight, they used it to open every circuit breaker in a transmission station north of Kyiv. The result was one of the most dramatic attacks in Russia's years-long cyberwar against its western neighbor, an unprecedented, automated blackout across a broad swath of Ukraine's capital.

But an hour later, Ukrenergo's operators were able to simply switch the power back on again. Which raised the question: Why would Russia's hackers build a sophisticated cyberweapon and plant it in the heart of a nation's power grid only to trigger a one-hour blackout?

A new theory offers a potential answer.

...

Russia's hackers apparently intended to trigger that destruction not at the time of the blackout itself but when grid operators turned the power back on

...

The Ukraine-targeted blackout malware, known alternately as Industroyer or Crash Override
*Previously: Acid Burn cosplay.