BuzzFeed News World Correspondent

World

"It's the major scenario we've all been concerned about for so long."

[SUBBUZZ 7701069]SAN FRANCISCO — On Dec. 23, over 600,000 homes in the Ivano-Frankivsk region of Ukraine lost all power for several hours. Now cybersecurity experts are claiming that the power outage was caused by a cyberattack, likely originating in Russia."It's a milestone because we've definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout," John Hultquist, head of the cybersecurity firm iSight's cyber espionage intelligence practice, <a href="http://arstechnica.com/security/2016/01/first-known-hacker-caused-power-outage-signals-troubling-escalation/">told ArsTechnica</a>. "It's the major scenario we've all been concerned about for so long."Ukraine's security service has <a href="http://mobile.reuters.com/article/idUSKBN0UE0ZZ20151231">blamed the incident on Russia</a> for weeks, though definitively establishing the source of cyberattacks is always difficult.iSight’s researchers attributed the blackouts to a virus that disconnected electrical stations from the power grid. They named the group behind the attacks “Sandworm.” They've previously said the same team was behind a Russian cyberespionage campaign iSight <a href="http://info.isightpartners.com/sandworm-report?__hstc=78530635.27d270baf1f7eacfb6efe3978ef03939.1401809013884.1413904382008.1413908740340.232&amp;__hssc=78530635.3.1413908740340&amp;__hsfp=1237671243">observed</a> in 2014 using the same virus to target NATO, energy sector firms, and government organizations in Ukraine, Poland, and western Europe.“The team prefers the use of spear-phishing [aka targeting individuals to unwittingly provide them with access] with malicious document attachments to target victims,” <a href="http://www.isightpartners.com/2014/10/cve-2014-4114/">wrote iSight</a>. "Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia."Sandworm, iSight added, was also known for its use of a virus named “Black Energy.” On Tuesday, the antivirus firm ESET separately <a href="http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/">reported</a> that multiple electrical stations in Ukraine were infected by a virus they named as “BlackEnergy,” which first surfaced two years ago but has since been updated. In its current form the virus allows an attacker ongoing access to a system, as well as the ability to destroy part of the computer hard drive and sabotage industrial control systems.“We have discovered that the reported case was not an isolated incident and that other energy companies in Ukraine were targeted by cybercriminals at the same time,” <a href="http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/">wrote</a> ESET researchers in a blog post.

Experts Think They've Found The First International Cyberattack To Cause A Blackout

[INSERT 1]SAN FRANCISCO — On Dec. 23, over 600,000 homes in the Ivano-Frankivsk region of Ukraine lost all power for several hours. Now cybersecurity experts are claiming that the power outage was caused by a cyberattack, likely originating in Russia."It's a milestone because we've definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout," John Hultquist, head of the cybersecurity firm iSight's cyber espionage intelligence practice, <a href="http://arstechnica.com/security/2016/01/first-known-hacker-caused-power-outage-signals-troubling-escalation/" target="_blank">told ArsTechnica</a>. "It's the major scenario we've all been concerned about for so long."Ukraine's security service has <a href="http://mobile.reuters.com/article/idUSKBN0UE0ZZ20151231" target="_blank">blamed the incident on Russia</a> for weeks, though definitively establishing the source of cyberattacks is always difficult.iSight’s researchers attributed the blackouts to a virus that disconnected electrical stations from the power grid. They named the group behind the attacks “Sandworm.” They've previously said the same team was behind a Russian cyberespionage campaign iSight <a href="http://info.isightpartners.com/sandworm-report?__hstc=78530635.27d270baf1f7eacfb6efe3978ef03939.1401809013884.1413904382008.1413908740340.232&__hssc=78530635.3.1413908740340&__hsfp=1237671243" target="_blank">observed</a> in 2014 using the same virus to target NATO, energy sector firms, and government organizations in Ukraine, Poland, and western Europe.“The team prefers the use of spear-phishing [aka targeting individuals to unwittingly provide them with access] with malicious document attachments to target victims,” <a href="http://www.isightpartners.com/2014/10/cve-2014-4114/" target="_blank">wrote iSight</a>. "Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia."Sandworm, iSight added, was also known for its use of a virus named “Black Energy.” On Tuesday, the antivirus firm ESET separately <a href="http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/" target="_blank">reported</a> that multiple electrical stations in Ukraine were infected by a virus they named as “BlackEnergy,” which first surfaced two years ago but has since been updated. In its current form the virus allows an attacker ongoing access to a system, as well as the ability to destroy part of the computer hard drive and sabotage industrial control systems.“We have discovered that the reported case was not an isolated incident and that other energy companies in Ukraine were targeted by cybercriminals at the same time,” <a href="http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/" target="_blank">wrote</a> ESET researchers in a blog post.

People cross a road during a power outage in the Crimean city of Simferopol on November 24, 2015.

About BuzzFeed Community

Community Brand Guidelines

BuzzFeed Community

Sorry, this content is no longer supported.

BuzzFeed Community Guidelines

BuzzFeed Community Leaderboard

BuzzFeed News has breaking stories and original reporting on politics, world news, social media, viral trends, health, science, technology, entertainment, and LGBTQ issues.

All the best animals on the internet. The snuggle is real.

BuzzFeed has breaking news, vital journalism, quizzes, videos, celeb news, Tasty food videos, recipes, DIY hacks, and all the trending buzz you’ll want to share with your friends. Copyright BuzzFeed, Inc. All rights reserved.

BuzzFeed News | Breaking News | Original Reporting | News Analysis

Animal Pictures and Videos - Adorably from BuzzFeed

Name

Thanks for subscribing!

Stay up to date with our latest BuzzFeed video. Enter your email to subscribe!

Oops! Upload an image or add text to submit.

BuzzFeed has the hottest, most social content on the web. We feature breaking buzz and the kinds of things you'd want to pass along to your friends.