U.S. Says Cyber Attack Caused Ukraine Power Outage

An electricity generating plant in Kiev, Ukraine, November 27, 2015. Cybersecurity lapses have left critical Ukrainian infrastructure like a "powder keg", security researchers said. Valentyn Ogirenko/Reuters

WASHINGTON (Reuters) - A December power outage in Ukraine affecting 225,000 customers was the result of a cyber attack, the U.S. Department of Homeland Security said Thursday, marking the first time the U.S. government officially recognized the blackout as caused by a malicious hack.

Security experts had already widely concluded that the downing of utilities in western Ukraine on December 23 was due to an attack, which is believed to be the first known successful cyber intrusion to knock a power grid offline.

The published alert from DHS's Industrial Control Systems Cyber Emergency Response Team does not confirm attribution of the attack. But U.S. cyber intelligence firm iSight Partners and other security researchers have linked the incident to a Russian hacking group known as "Sandworm."

DHS said its assessment was based on interviews with six Ukrainian organizations affected by the blackout and said its investigators were not able to independently review technical evidence.

During the attack, hackers installed malware and then remotely switched breakers in a way that cut power, DHS said.

The attackers are also believed to have spammed the Ukraine utility's customer-service center with phone calls in order to prevent real customers from communicating about their downed power, according to a report released last month by Washington-based SANS Inc.

Some security researchers criticized the analysis provided by DHS, believing it was hemmed in by legal considerations.

"If they had come out two months ago and said this it would have been useful," said Robert Lee, chief executive of Dragos Security, a cyber security firm. "But at this point they're saying things we already know."