back to article BlackEnergy malware activity spiked in runup to Ukraine power grid takedown

Fresh research has shed new light on the devious and unprecedented cyber-attack against Ukraine's power grid in December 2015. A former intelligence analyst has warned that launching similar attacks is within the capabilities of criminals, or perhaps even hacktivist groups, since most of the key components are readily …

  1. Anonymous Coward
    Anonymous Coward

    Wow

    I don't know who this Zach Flom guy is, but research like this is what the world needs. Forward thinking cyber awareness is key in the coming years. Good to see someone has their efforts pointed in the right direction.

  2. Walter Bishop Silver badge
    Linux

    Power cuts caused by destruction of two pylons

    "Russian authorities have declared a state of emergency in Crimea after nearly two million people on the peninsula were left without power by the destruction of two pylons carrying electricity from Ukraine." ref

    1. Solmyr ibn Wali Barad

      Re: Power cuts caused by destruction of two pylons

      That's a different topic. Lines to Crimea were blown up by old-fashioned explosives. No IT/DevOops angle to be found there. Whereas this incident has all the right stuff - cyber mumble and lots of blameshifting.

      "The 23 December outage at Ukraine's Prykarpattya Oblenergo and Kyivoblenergo utilities cut power to 80,000 customers for six hours and has been blamed on Moscow by the nation's security service."

      "After analysing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine,"

      1. JohnG

        Re: Power cuts caused by destruction of two pylons

        Where are the affected remotely operated breakers? In a country with such an archaic electrical supply infrastructure, it seems unlikely that any of it would be modern enough to be hacked.

        Coincidentally, they had limited coal supplies and problems with their nuclear power stations.

  3. Martin Summers Silver badge

    They should have just released a bunch of squirrels, told them to go nuts and saved themselves the bother. They can't give anything away by interrogation either.

  4. Sir Runcible Spoon Silver badge
    Facepalm

    It isn't rocket science

    Two

    Factor

    Authentication

  5. Anonymous Coward
    Anonymous Coward

    A few days prior to that, their PM said they have enough coal for 5 days and some powerstations were already running below 25%. Sounds like another Ukrainian fairy tale. they did not happen to ask for money to sort out?

  6. Anonymous Coward
    Anonymous Coward

    MBR?

    They used a virus to infect the Master Boot Record?

    This suggests that the Ukraine is using Windows boxes to control their infrastructure.

    Are they mad?

    1. Anonymous Coward
      Anonymous Coward

      Yes they do, just like BP, a la Deep Horizon.

      "using Windows boxes to control their infrastructure. Are they mad?"

      Yes they do, just like BP, a la Deep Horizon.

      These companies have been using Windows to roll-out their SCADA systems for decades, even though it is not necessary, unreliable and bloatware in comparison to more open systems. Not just XP, but 2000, ME, 98 95, 3.x, even 16 bit versions! They only used what they could support. However they don't support it, only when it breaks do they fix. That is not support, it is closer to negligence than maintenance.

      In the past these systems never used to break because they weren't connected to the networks, (a reboot would always do). But now they are (increasingly) networked. Amazingly, some do not get replaced because the software is too brittle and/or old for them to replace so they just install TCP/IP and Windows Networking so that the 'remote monitoring' or control project can be signed off as complete.

      There are very few auditors, let alone SecOps employed to check systems running on oil rigs, power distribution networks and other 'industrial backwaters'.

      Perhaps we should donate all the old Win7 machines we can find- and protect the planet from their capital equipment budgets!

    2. JohnG

      Re: MBR?

      "This suggests that the Ukraine is using Windows boxes to control their infrastructure."

      ...also, don't have adequate antivirus, configuration control, security and they don't believe in backups.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019