Ukrainian power grid downed 'by cyber attack'

Nuclear power plant behind power lines

Symantec's Cybersecurity Response experts have released information following the recent cyber-security attack against the Ukrainian energy sector, which resulted in blackouts for hundreds of thousands of homes.

Symantec has identified the Trojan reportedly used in the attack as Trojan.Disakil, which had previously been used to target media companies in the country.

In October 2015, several computers belonging to a major Ukrainian media company were compromised when the malware package known as BlackEnergy was employed in order to retrieve admin credentials which were then used to execute the Disakil trojan on several other computers.

The same method may have been used to infect terminals in the substations of three local power authorities, according to Symantec.

The power outage occurred on 23 December, and affected roughly 700,000 homes.

Ukranian officials have laid the blame for the attack on Russia's doorstep, after 2015's Crimean conflict led to a breakdown in relations between the two states.

After a series of updates, the BlackEnergy package was expanded to give hackers additional tools, including many that are designed to aid in intelligence gathering.

These include industrial sabotage functions, KillDisk utilities to wipe key hard-drive sections and make computers non-bootable, and an SSH backdoor that lets hackers permanently access infected systems.

Reports from ESET indicate that the Trojan was carefully programmed to delete specific data and take specific systems offline in a precisely targeted attack.

While it has not officially been confirmed that the cyber attack is what took down the power grid, ESET's researchers have noted that it is entirely possible, stating that "after having successfully infiltrated a critical system with either of these trojans, an attacker would theoretically, be perfectly capable of shutting it down".

If true, this has echoes of the Stuxnet virus that destroyed huge swathes of Iran's nuclear technology in 2009, as well as a vast attack on Estonia that has been dubbed the first cyber war' also linked to Russia.

It also highlights the troubling capability of cybercriminals to use advanced hacking techniques to sabotage vital infrastructure, potentials endangering thousands of lives.

This story was originally published on 5 January and has since been updated to reflect new information.

Caroline Preece

Caroline has been writing about technology for more than a decade, switching between consumer smart home news and reviews and in-depth B2B industry coverage. In addition to her work for IT Pro and Cloud Pro, she has contributed to a number of titles including Expert Reviews, TechRadar, The Week and many more. She is currently the smart home editor across Future Publishing's homes titles.

You can get in touch with Caroline via email at