Ukrainian regional electricity distribution company Kyivoblenergo has a dubious distinction. It is the world’s first power grid provider to be taken down in a cyber attack.
It all began when its Prykarpattyaoblenergo control center was the victim of a cyber intrusion on December 23, 2015. The company’s computer and SCADA systems were attacked, disconnecting 30 substations for three hours. As many as 230,000 customers lost power – approximately half of the homes in the Ivano-Frankivsk region in Ukraine (population about 1.4 million). The tool used was malware known as BlackEnergy.
Ukrainian government officials came out rather quickly to claim the outages were caused by a cyber attack, squarely placing blame on Russian security services.
The attack on the power station occurred in the afternoon. An employee was working at his desk organizing papers when he noticed something very odd. As if by magic, the cursor on his computer began to move around the screen on its own.
The worker watched – mouth likely agape – as the cursor moved towards buttons that control a substation’s circuit breakers, clicking on a box to open them – taking the substation offline, leaving 225,000 residents in the dark.
The employee made every effort to regain control of the computer. But it was too late. The attackers had already logged him out.
Wired obtained a short clip of the actual attack, and NATO also created a short video depicting the event.