‘Power failure in Ukraine was caused by targeted deployment of malware’

According to security company ESET, the power outages that took place in Ukraine shortly before Christmas are due to the targeted use of BlackEnergy malware. The attacks left about 700,000 people without power for several hours.

ESET further reports that the BlackEnergy malware has been around for some time and that it is a modular program. This means that the malware is made up of various components, each of which performs its own task. The attacks against the power plants used a module called ‘KillDisk’, which is capable of overwriting files. As a result, computers can no longer be started and it is also difficult to repair the damage, according to the company.

The version of KillDisk deployed in the attacks was optimized for use on industrial systems, according to an ESET security researcher. It was also recently revealed that the BlackEnergy malware contains an SSH backdoor that allows an attacker to gain access to and disable an infected system. The KillDisk module would then only complicate the recovery work. According to ESET, several power plants were simultaneously targeted during the power outage.

Ukrainian media and energy companies have been targeted by hackers for some time. The infection is alleged to have taken place via a targeted phishing campaign that sends infected Microsoft Office files, which distribute the BlackEnergy malware via a malicious macro. Until now, it was not clear whether the power outages were caused by this form of malware, but the latest statement from ESET seems to confirm this.
