Ongoing Cyber Attack Campaign Against Ukraine Power Grid – And Why It Matters
Originally published February 12, 2016, updated May 24, 2023.
Written by Mission Secure News Desk
February 12, 2016
MSi has been tracking the ongoing cyber attack campaign against power companies, and now the energy supply chain, in Ukraine. This is an issue of national importance. New developments are becoming public.
This may not mean a lot to many of you, but this is an issue of national importance. A foreign actor has been leading an ongoing campaign against the Ukrainian power grid and has more recently switched tactics to hit the energy supply chain (i.e., the resource-producing companies that supply the material to make power, and the trains that deliver it). Trend Micro first broke the news last night.
The first waves in December and early January of 2016 “turned off the lights” by disconnecting the power grid from generation: the attackers simultaneously opened the relays in the control network and turned off 30 substations (remotely, all at once, lights go out). The Ukrainian utilities apparently did not even know this was a cyber attack and sent people out to the 30 substations to manually put the power back on. In the US, we are far more automated after decades of progression, and returning to manual operation for any period of time (days) is not very feasible.
The adversary has been adjusting their attack tactics in near real-time as they see responses unfold. In phase 2, they recently began attacking and infiltrating the energy supply chain in an effort to take out the power, fuel and transportation sources (trains). This is not an attack on one plant or one company; it is an ongoing campaign against the supply chain of what keeps the power systems, and all that rely upon them, operating in a region of a major NATO country.