December 2015 Ukraine power grid cyberattack

From Wikipedia, the free encyclopedia

On 23 December 2015, hackers compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers. It is the first known successful cyberattack on a power grid.

Most affected were consumers of «Prykarpattyaoblenergo» (Ukrainian: Прикарпаттяобленерго; servicing Ivano-Frankivsk Oblast): 30 substations (seven 110 kV substations and 23 35 kV substations) were switched off, and about 230,000 people were without electricity for a period from 1 to 6 hours.[1]

At the same time, consumers of two other energy distribution companies, «Chernivtsioblenergo» (Ukrainian: Чернівціобленерго; servicing Chernivtsi Oblast) and «Kyivoblenergo» (Ukrainian: Київобленерго; servicing Kyiv Oblast), were also affected by a cyberattack, but on a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.[2]

It has been argued that the Ukraine power grid cyberattack is of limited relevance for concerns over hacking of grids in connection with expanding use of renewable energy, as the Ukraine case took place under special conditions that do not apply elsewhere.[3]


The cyberattack was complex and consisted of the following steps:[2]

  • prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware
  • seizing control of SCADA systems and remotely switching substations off
  • disabling/destroying IT infrastructure components (uninterruptible power supplies, modems, RTUs, commutators)
  • destruction of files stored on servers and workstations with the KillDisk malware
  • denial-of-service attack on call-center to deny consumers up-to-date information on the blackout

In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine).[2]

The cyberattacks on the energy distribution companies took place during an ongoing conflict in Ukraine and are attributed to a Russian advanced persistent threat group known as "Sandworm".[4]



  1. Zetter, Kim (3 March 2016). "Inside the cunning, unprecedented hack of Ukraine's power grid". Wired. San Francisco, California, USA. ISSN 1059-1028. Retrieved 2021-02-08.
  2. "The Ministry of Energy and Coal Industry intends to form a group with representatives of all energy companies within the Ministry's sphere of management to study possibilities for preventing unauthorized interference in the operation of power grids" (in Ukrainian). Ministry of Energy and Coal Industry of Ukraine. 2016-02-12.
  3. Overland, Indra (1 March 2019). "The geopolitics of renewable energy: debunking four emerging myths". Energy Research and Social Science. 49: 36–40. doi:10.1016/j.erss.2018.10.018. ISSN 2214-6296. Retrieved 2021-02-08.
  4. Finkle, Jim (7 January 2016). "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters.
