Ukraine power cut 'was cyber-attack'

A power cut that hit part of the Ukrainian capital, Kiev, in December has been judged a cyber-attack by researchers investigating the incident.

The blackout lasted just over an hour and started just before midnight on 17 December.

The cyber-security company Information Systems Security Partners (ISSP) has linked the incident to a hack and blackout in 2015 that affected 225,000.

It also said a series of other recent attacks in Ukraine were connected.

The 2016 power cut had amounted to a loss of about one-fifth of Kiev’s power consumption at that time of night, national energy company Ukrenergo said at the time.

It affected the Pivnichna substation outside the capital, and left people in part of the city and a surrounding area without electricity until shortly after 01:00.

The attack took place almost exactly one year after a much larger hack on a regional electricity distribution company.

That was later blamed on the Russian security services.

‘Not much different’

ISSP, a Ukrainian company investigating the incidents on behalf of Ukrenergo, said that both attacks were linked, along with a series of hacks on other state institutions this December.

These included the national railway system, several government ministries and a national pension fund.

Oleksii Yasnskiy, head of ISSP labs, said: “The attacks in 2016 and 2015 were not much different – the only distinction was that the attacks of 2016 became more complex and were much better organised.”

He also said different criminal groups had worked together, and seemed to be testing techniques that could be used elsewhere in the world for sabotage.

Marina Krotofil, a researcher for Honeywell Industrial Cyber Security Lab, which also assisted the investigation, added that “the December 2016 attack was not meant to have any lasting dramatic consequences”.

“They could do many more things, but obviously they didn’t have this as an intent. It was more like a demonstration of capabilities,” she told tech news site Motherboard.

‘Acts of terrorism’

At the end of December, Ukraine’s president, Petro Poroshenko, said hackers had targeted state institutions about 6,500 times in the final two months of 2016.

He said the incidents showed Russia was waging a cyber-war against the country.

“Acts of terrorism and sabotage on critical infrastructure facilities remain possible today,” Mr Poroshenko said during a meeting of the National Security and Defence Council, according to a statement released by his office.

“The investigation of a number of incidents indicated the complicity directly or indirectly of Russian security services.”