According to statements from Ukrenergo, a Ukrainian energy provider, a cyber-attack may have caused a power outage in northern Ukraine, almost a year after another cyber-attack had shut down power supply across several regions during Christmas 2015.
The most recent power outages took place on Saturday, December 17, at 23:53, and affected the regions around Kiev, the country’s capital.
“Among the possible causes of failure are considered hacking and equipment malfunction (crashes),” said Ukrenergo in a statement.
Power returned after 75 minutes
Vsevolod Kovalchuk, Ukrenergo Acting Director, said on Facebook that the company restored power to its customers 45 minutes after personnel switched equipment from automatic to manual mode, and 75 minutes after the blackout started.
During Christmas 2015, attackers used a telephony flood and custom-built malware against several power companies in Ukraine, causing blackouts in the Ivano-Frankivsk, Horodenka, Kalush, Dolyna, Kosiv, Tysmenytsia, Nadvirna, and Yaremche regions.
The 2015 attack involved malware such as BlackEnergy and KillDisk, spread via malicious Word files. These two malware families have only been detected in highly targeted attacks, specific to state-sponsored actors.
Ukraine blasted by mysterious cyber-attacks
SBU, Ukraine’s Security Service, put out a statement and accused Russia of the 2015 attacks. It’s currently unknown who’s behind the 2016 attack.
In the months following the Christmas 2015 cyber-attack against Ukrainian power companies, Trend Micro researchers published a report revealing a coordinated series of attacks that targeted Ukraine’s railroad and mining sectors.
ESET researchers also discovered attacks with the BlackEnergy malware against Ukrainian media.
The Ukrainian government also found evidence of an attempted cyber-attack against the Boryspil Kiev international airport.
Ukrainian and pro-Russian forces have been waging war in the Donbass region, in eastern Ukraine, since mid-2014. Russia, China, the US, Iran, and North Korea are considered the countries that have the most active cyber-espionage divisions today.