Cyber Security

Russian Hackers Have Power To Take Down Electrical Grids: Report

A 2016 attack that cut power to Kiev could have just been a test run

Cyber Security
Illustration: Diana Quach
Jun 12, 2017 at 4:49 PM ET

Hackers believed to be affiliated with the Russian government have developed a program that could do more damage to worldwide electrical grids than any previously known to the public, researchers say.

A new report from cybersecurity firm Dragos details a sophisticated malware framework, which it calls CrashOverride, that could be adapted with relative ease for use against different power grids, making it a threat to electricity suppliers around the world.

The malware was used in a December, 2016 attack against a Ukrainian power grid. That attack, which cut power for an hour for about a fifth of the capital city of Kiev, received comparatively little attention at the time, in part because it was less damaging than a different attack in 2015.

While there isn’t an official tally of victims from the 2015 attack, some 80,000 customers from a single one of those companies, Kyivoblenergo, lost power for several hours. It was a multi-pronged attack: Not only did the malware shut down internal production at power companies, it also froze operators’ screens, leading them to believe operations were running normally. The attack was boosted by a mysterious flood of phone calls, which tied up phone operators who would have otherwise been quickly alerted to the severity of the problem.

More Hacker, Tailor, Soldier, Spy: The Future Is Cyberwar

But upon analyzing the attacks and the malware framework behind it, Dragos warns that the more recent attack appears to have been a proof-of-concept for CrashOverride, which is far more powerful than the 2016 outage indicates.

While cyberattacks are inherently and notoriously difficult to attribute, numerous U.S. cybersecurity firms have cited the same culprit as ultimately responsible for both of the Ukrainian power grid attacks — the Russian government. While cyber-warfare is common among a number of countries, Russia has grown to be particularly brazen with high-profile attacks.

Attacks on electric grids have long been considered a doomsday scenario, because theoretically a handful of dedicated hackers could substantially damage infrastructure and put civilian lives at risk. The U.S., however, has recently seen more creative, disastrous hacks on other systems. Notably, the Russian government attack and dissemination of Democratic Party files to aid in the election of President Donald Trump, and the 2015 Office of Personnel Management hack, believed to be perpetrated by China, which exposed some 21.5 million federal employees’ Social Security Numbers as well as the personal files of undercover intelligence and law-enforcement agents.