2016 cyber attack against power transmission in Ukraine

On December 17th 2016, a cyber attack against a Ukrenergo electricity transmission substation in Pivnichna, Kiev, Ukraine resulted in a blackout shortly before midnight which lasted just over an hour.

The attack was subsequently linked to the CRASHOVERRIDE/INDUSTROYER malware by researchers at Dragos and ESET respectively. The malware was specifically designed to communicate with industrial control systems and had the potential to cause significantly more impact.

The attack was ultimately attributed to Sandworm (also known as Sandworm Team) / ELECTRUM (Dragos), with the US government charging individuals associated with Russia's GRU.

www.wired.com

https://www.wired.com/story/crash-override-malware/

www.cisa.gov

https://www.cisa.gov/news-events/alerts/2017/06/12/crashoverride-malware

www.dragos.com

https://www.dragos.com/wp-content/uploads/CrashOverride-01.pdf

www.dragos.com

https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf

web-assets.esetstatic.com

https://web-assets.esetstatic.com/wls/2017/06/Win32_Industroyer.pdf

www.wired.com

https://www.wired.com/story/what-is-crash-override-malware-hackers/

www.justice.gov

https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

www.wired.com

https://www.wired.com/story/russian-hackers-attack-ukraine/

www.bbc.co.uk

https://www.bbc.co.uk/news/technology-38573074