The BlackEnergy virus attack on Ukrainian power supply companies had been in preparation for at least six months, the Ministry of Energy and Coal Industry of Ukraine has established from its analysis of the incident.
«The information networks of the regional power companies were compromised at least 6 months before the main events using social engineering techniques: fake emails carrying the body of a loader for a virus of the BlackEnergy family were sent to the e-mail addresses of company employees that were publicly available on the Internet», the press service of the Ministry of Energy and Coal Industry (Minenergouglya) stated.
According to the analysis of the incident, once the virus had been run the attackers were able to gather information about the structure of the power companies' information systems, their software, and the accounts used for remote access to the infrastructure.
«It has been proven that more than one person was involved in the cyber attack, as the actions of the attackers were coordinated and aimed at the information infrastructure of three energy suppliers at the same time: «Prykarpattyaoblenergo», «Chernivtsioblenergo» and «Kievoblenergo». According to one of the regional power companies, the intruders connected to its information networks from subnets of the global Internet belonging to providers in Russia», the Ministry noted.
As the Ministry noted, the cyber attack as a whole consisted of five elements: infecting networks using fake emails; seizing control of the automated dispatch control system, with shutdowns carried out at substations; putting uninterruptible power supplies, modems, switches and other IT infrastructure out of operation; destroying information on servers and workstations (with the KillDisk utility); and an attack on the telephone numbers of call centers (with Russian numbers) with the purpose of denying service to de-energized subscribers.
«According to the conclusions of the working committee, the reasons for the tampering were the lack of mandatory IT-security requirements for energy companies' production automation systems, the lack of information and insufficient training of technical personnel in terms of cyber security, and the lack of internal control structures for cyber security that are independent of system administrators», the Ministry's statement said.
As noted in the conclusions of the commission that reviewed the incident, utilities must in future isolate industrial control systems, and the means used to support and administer them, from the Internet. They should also check their anti-virus protection, replace all user accounts, make passwords more complex, and disallow remote access to remote-control systems.
The Ministry plans to set up a working group with the participation of all the companies under its control to implement measures to protect against possible virus attacks.
As reported, the Deputy head of the U.S. Department of energy Elizabeth Sherwood-Randall believes that viral attack on Ukrainian energy supply companies industry.
The BlackEnergy virus attack at the end of 2015 resulted in an outage for a number of consumers of «Prykarpattyaoblenergo». «Chernivtsioblenergo», «Prykarpattyaoblenergo» and «Kievoblenergo» were also subjected to the virus attack.
Earlier in January, the American company iSight Partners, which specializes in cyber security, claimed that a Russian group of hackers known as Sandworm was involved in an unprecedented power outage in Ukraine at the end of December 2015.
The viral attack on Ukrainian power companies had been in preparation for at least six months, the Ministry said. 12.02.2016