Ukraine Power Grid
- Workers were sent a malicious Word document that prompted them to enable
macros, which then caused a program called BlackEnergy3 to infect their
systems. This gave the hackers access to the corporate networks.
- They then explored and mapped these networks, harvesting user credentials
that could be used to remotely log in to the SCADA network which controlled
the power grid.
- They wrote malicious firmware for more than a dozen substations. They also
launched a telephony denial-of-service (TDoS) attack against customer call
centers to prevent people from calling in to report the outages.
When did the attack happen?
- 23 December 2015, at 3:30 pm. This was when the main attack was actually
carried out, taking nearly 60 substations offline and leaving more than
230,000 residents in the dark.
- However, the attacks really began in the spring of 2015 with a spear-phishing
campaign that targeted IT staff.
What systems were targeted?
There is reason to believe the attack was intended to weaken customers' trust in
Ukrainian power companies and the government, and was possibly done as a rebuttal
What was the outcome of the attack?