
Ukraine's power system really was attacked by intruders: the conclusions of SANS



The unidentified attackers who struck Ukraine's power system used fairly powerful software that makes it possible to manage some power plant subsystems. This is the conclusion reached by SANS ICS specialists, who studied the problem in detail. The hackers used malware called BlackEnergy to seize control.

This software enabled the attackers to gain control over automatic energy management systems, after which, using automatic switches, they simply turned off some power lines. This disconnected at least 80 thousand people from the grid. A report on the incident has already been published.

According to the head of SANS ICS, Michael J. Assante, the attackers showed a high level of planning, coordination and skill in using malware. As a result, the energy infrastructure of some regions was disrupted. The attackers also tried to prevent the restoration of normal power supply by attacking the SCADA server after the first attack. The attack itself had three components: malware, a denial-of-service attack on telephone systems, and a final attack, which is still being studied. As far as can be understood, this was direct interaction by the attackers, and not the work of the software.

The report also states that there is no evidence that the grid was disconnected using BlackEnergy or the recently developed KillDisk component of this malware. In addition, the experts say, there is no evidence that the software got into the power stations' computer systems through infected Microsoft Office documents. One thing is clear - the attack was very well planned, and BlackEnergy was a key element of it.

“Malware was used by attackers to gain 'points of support' in certain elements of the energy infrastructure. This software was also used to affect the SCADA system, in order to prevent the restoration of normal power supply,” the specialists' report says.

Source: https://habr.com/ru/post/367575/

