the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine's national grid operator, Ukrenergo. Just before midnight, they used it to open every circuit breaker in a transmission station north of Kyiv. The result was one of the most dramatic attacks in Russia's years-long cyberwar against its western neighbor, an unprecedented, automated blackout across a broad swath of Ukraine's capital.*Previously: Acid Burn cosplay.
But an hour later, Ukrenergo's operators were able to simply switch the power back on again. Which raised the question: Why would Russia's hackers build a sophisticated cyberweapon and plant it in the heart of a nation's power grid only to trigger a one-hour blackout?
A new theory offers a potential answer.
Russia's hackers apparently intended to trigger that destruction not at the time of the blackout itself but when grid operators turned the power back on
The Ukraine-targeted blackout malware, known alternately as Industroyer or Crash Override
Friday, September 13, 2019
"New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction" in Ukraine