A few weeks ago on December 23rd, much of Ukraine experienced a massive power outage, of which the culprit was unknown at the time.
Now, it appears as though the power outage could have been the result of destructive malware called BlackEnergy, according to a team from security researchers iSIGHT.
Specifically, the researchers say BlackEnergy can be used to “plant a KillDisk component onto the targeted computers that would render them unbootable,” which they believe was utilized to attack three regional power authorities in Ukraine.
The power outage that occurred was extensive, eventually leading to approximately half of the households in the Ivano-Frankivsk region of Ukraine without electricity.
In this particular instance, the iSIGHT security researchers believe the malware files were sent as email attachments within Microsoft Office, with the email addresses disguised as national parliament addresses.
When a recipient runs one of the malicious macros included in the email, BlackEnergy is installed on the individual’s computer, thus providing a gateway for remote access to attackers or simply leading to KillDisk malware being installed immediately.
“After having successfully infiltrated a critical system with either of these trojans, an attacker would, again theoretically, be perfectly capable of shutting it down,” write the researchers in a blog post. “ We can assume with a fairly high amount of certainty that the described toolset was used to cause the power outage in the Ivano-Frankivsk region.”
