U.S. intelligence examining malware thought to have caused Ukraine power blackout

January 27th, 2016, by

(Cyberwar.news) The U.S. intelligence community is examining bits of malware code that was believed to have been used in the first publicly acknowledged instance of hacking a power station.

As reported by FierceGovernmentIT, the malware used in a cyber attack of a Ukrainian power station believed to have been conducted by Russian-based hackers, “is part of a sophisticated malware campaign that has been ongoing since at least 2011.”

The Department of Homeland Security issued its first public statement from the Obama administration regarding U.S. involvement in the case. In an update to a cybersecurity alert, the department’s Industrial Control Systems Emergency Response Team, or ICS-CERT, has confirmed that it has examined samples of malicious software known as “BlackEnergy” that was obtained from the networks of a western Ukraine power company. The code specifically targets industrial control systems and has been seen on Internet-connected human-machine interfaces in the U.S.

“ICS-CERT and US-CERT are working with the Ukrainian CERT and our international partners to analyze the malware and can confirm that a BlackEnergy 3 variant was present in the system,” the alert notes.

Though many cyber experts believe the malware was the IT system “interface” that disrupted the Ukrainian power grid Dec. 23, ICS-CERT and US-CERT officials said they “cannot confirm a causal link between the power outage with the presence of the malware” based on the forensic evidence they were given.

However, several experts believe the malware, which was described as not particularly sophisticated, could have instead been used to hide and protect the hackers.

“Malware was likely used to prevent system operators from detecting the attack while a remote attacker opened ‘breakers,’ disconnecting parts of the network,” reported The Hill.

Ukrainian government officials quickly blamed Russia for the attack, but as FierceGovernmentIT noted, other experts say that BlackEnergy is associated with the ethnic Russian hacking group “Sandworm” rather than the Russian government.

Retired Air Force Gen. Michael Hayden, former head of the CIA and National Security Agency, said the Ukraine incident meant there are “darkening skies” over critical U.S. infrastructure.

In an interview with reporters after an event in Miami last week, Hayden said the threat of malware infections leading to physical damages is increasing.

“This is another data point on an arc that we’ve long predicted,” Hayden told The Christian Science Monitor.

See also:

FierceGovernmentIT

ICE-CERT

Cyberwar.news is part of the USA Features Media network of sites. For advertising opportunities, click here.