Kiev Power Outage Linked To Cyber Attacks


A Kiev power outage last weekend in Ukraine has been linked to a cyber attack, which is worryingly similar to an attack that happened around the same time last year.

Kiev Power Outage Linked To Cyber Attacks

Sub-stations and transmission stations have always been a weak point for nation-state attacks as EVERYTHING relies on them now. Plus with smart grids and remotely controlled stations, the attack surface for such utilities is increasing year by year.

A cyber attack is suspected in connection with an outage of the Ukrainian power grid that affected homes around Kiev last weekend.

A substation in Pivnichna was cut off from the main power grid for about 75 minutes late on Saturday 17 December, lasting into the early hours of Sunday. As a result, houses and flats of the right bank district of Kiev* and neighbouring areas lost power.

Ukrenergo, a Ukrainian energy provider, said that “hacker attack and equipment failure are among the possible causes for the power failures”, according to local reports.

Moreno Carullo, co-founder and chief technical officer at Nozomi Networks, said, “These reports are reminiscent of an attack experienced at a similar time last December that left 225,000 Ukrainians cold at Christmas. Worryingly, if this does prove to be another cyberattack on the Ukrainian grid, it sets an uncomfortable precedent that similar attacks may occur annually at this time of year.”

The recent outage appears to centre at a transmission substation. These are used to transport electricity over long distances, with its primary function to raise/lower and control the voltage, provide power factor correction to protect from overloads, and perform checks to synchronise power flow between two adjacent power systems. A distribution substation is then used, closer to cities, to carry electricity to users.

“All this equipment (the transmission and the primary distribution substations) are automated and remotely controlled, while smaller ones maybe electro-mechanically operated and are certainly unsupervised,” according to Carullo.


It seems a lot of these stations are pretty old and if they are connected to the Internet (which they seem to be), it’s been retro-fitted. Sadly when such things happen security is rarely a concern or even something discussed.

If they connect their remote control software, it works – and that’s usually the end of that.

“Substations have long been considered a weak point, with respect to cybersecurity, due to their remote location making them difficult to manage and monitor for disruptions. While some are completely disconnected, and are therefore considered safe from cyberattack, others form part of a Smart Grid which means they are part of a fully connected series of systems to allow for improved efficiency of the power grid. However, with Smart Grid connectivity comes increased vulnerability to cyberattacks due to the connected nature of the entire grid,” he added.

A hacker who gains access to internet-connected control panels might be able to disable inverters and fire alarms, triggering blackouts and equipment damage to many households in one time. If hackers did attack Kiev’s power grid – something that’s still the subject of investigation – then Russia will almost inevitably become the chief suspect, given recent (unresolved) conflicts between the two countries.

Alex Mathews, lead security evangelist at Positive Technologies, remains unconvinced that hackers caused the latest power outage in the Ukraine. Equipment failure can’t be ruled out as a cause, he pointed out.

“Power outages in winter time is a pretty common story for ex-USSR territories where the power equipment is old, so it can shut down when people use too many electric heaters, lamps and other appliances,” Mathews said. “Such power outages happen every year, even in big cities like Moscow, Petersburg and Kiev.”

The temperature in Kiev on the day ranged from a -1˚C maximum and a -9˚C minimum.

Let’s hope this isn’t a trend and citizens of Ukraine can avoid getting a nasty shock like this each December in the coldest period of the year.

You also can’t rule out nation-state attacks just testing the resources and reaction times of Ukraine (possibly Russian?).

Source: The Register

Posted in: Hardware Hacking


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


Comments are closed.