The Department of Homeland Security's (DHS's) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has identified a piece of malicious code known as 'BlackEnergy' in the networks of a power company in western Ukraine.

The code came to light when the United States intelligence community investigated a cyber attack on the Ukrainian power grid that occurred in December last year.
BlackEnergy is a sophisticated malware campaign that has been ongoing since at least 2011. It targets industrial control systems and has been identified on Internet-connected human-machine interfaces in the United States.

The investigation shows that the power outages were caused by a series of network-centric attacks against multiple utilities, which disrupted Supervisory Control and Data Acquisition (SCADA) and phone systems.
ICS-CERT and US-CERT, along with the Ukrainian CERT, are still analyzing the malware, which was likely used to prevent system operators from detecting the attack while a remote attacker opened breakers. The not-so-sophisticated malware may have been used to shield the perpetrators.
On December 23 a power cut affected 80,000 customers for six hours. The attacks cut at least seven 110 kilovolt (kV) and twenty-three 35 kV substations.
Ukraine's security service blamed the Russian government for the incident, but it was later noted that the BlackEnergy malware linked to the incident is associated with the ethnic Russian hacking group 'Sandworm'. In October 2014, Sandworm reportedly compromised industrial control systems in the US for up to three years.
The malware has been found attacking utilities and media organizations using its disk-wiping KillDisk component.

Former NSA and CIA head, retired Gen. Michael Hayden, warned about the increasing threat of physical damage caused by malware infections.