A report from Washington-based SANS ICS released over the weekend points to hackers remotely switching breakers to cut power, causing the six-hour Ukraine power outage that affected around 80,000 customers of the Prykarpattyaoblenergo utility on 23 December, reports Reuters.
SANS ICS, an organisation that trains infrastructure operators on combating cyberattacks, estimates that hackers also installed malware to prevent technicians from detecting the attack.
The attackers also targeted the utility's customer-service centre by flooding it with phone calls to prevent customers from alerting the utility that power was down.
Robert Lee, a former US Air Force cyber warfare operations officer who helped in the compilation of the SANS ICS report, said: "This was a multi-pronged attack against multiple facilities. It was highly coordinated with very professional logistics."
However, the utility's operators were reportedly able to recover control by switching to manual operations, essentially disconnecting infected workstations and servers from the grid, Reuters reported.
Ukraine power outage attack wider spread
While Prykarpattyaoblenergo was the only Ukraine electric utility that reported an outage, similar malware was found in the networks of at least two other utilities, said Robert Lipovsky, senior malware researcher at Bratislava-based security company ESET.
He said they were ESET customers, but declined to name them.
Researchers with computer security firms Trend Micro and iSight Partners said ESET's assessment that the attackers sought to infect other utilities appeared credible, shedding new light on evidence that this is the first power outage proven to have been caused by a cyberattack, reports The Star Online.
Kyle Wilhoit, senior researcher at Trend Micro, said: "This is the first time we have proof and can tie malware to a particular outage. It is pretty scary."
Ukraine points finger at cyberattackers
Ukraine's SBU state security service blamed Russia, and US cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as 'Sandworm'.
Ukraine's energy ministry has said it will release a formal statement after 18 January following completion of a formal investigation, stated the news agency.
US responds to Ukraine power outage
Last week, the Electricity Information Sharing and Analysis Center, or E-ISAC, a quasi-governmental US organisation, urged its utility members to “do a better job” at implementing multiple layers of defense against potential cyber attacks.
The nine-page confidential document, reviewed by Reuters, did not identify deficiencies in the US grid that could lead to similar attacks.
The news comes at a time when utilities are on heightened alert to the threat of a malicious attack.
In October 2015, US federal law enforcement agents confirmed that militant group Islamic State had unsuccessfully tried to hack American electric utilities.
John Riggi, section chief at the Federal Bureau of Investigation's (FBI) cyber division, described the attacks as "strong intent; thankfully, low capability."
Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security, commented: "ISIL is beginning to perpetrate cyber attacks."