KIEV (Reuters) - Hackers used a Russian-based internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine’s power grid in December, Ukraine’s energy ministry said on Friday.
The incident was widely seen as the first known power outage caused by a cyber attack, and has prompted fears both within Ukraine and outside that other critical infrastructure could be vulnerable.
The ministry, saying it had completed an investigation into the incident, did not accuse the Russian government directly of involvement in the attack, which knocked out electricity supplies to tens of thousands of customers in central and western Ukraine and prompted Kiev to review its cyber defences.
But the findings chime with the testimony of the U.S. intelligence chief to Congress this week, which named cyber attacks, including those targeting Washington’s interests in Ukraine, as the biggest threat to U.S. national security.
Relations between Kiev and Moscow soured after Russia annexed the Crimean peninsula in March 2014 and pro-Russian separatist violence erupted in Ukraine.
Hackers targeted three power distribution companies in December’s attack, and then flooded those companies’ call centres with fake calls to prevent genuine customers reporting the outage.
“According to one of the power companies, the connection by the attackers to its IT network occurred from a subnetwork ... belonging to an (internet service) provider in the Russian Federation,” the ministry said in a statement.
Deputy Energy Minister Oleksander Svetelyk told Reuters hackers had prepared the attacks at least six months in advance, adding that his ministry had ordered tighter security procedures.
“The attack on our systems took at least six months to prepare - we have found evidence that they started collecting information (about our systems) no less than 6 months before the attack,” Svetelyk said by phone.
Researchers at Trend Micro, one of the world’s biggest security software firms, said this week that the software used to infect the Ukrainian utilities has also been found in the networks of a large Ukrainian mining company and a rail company.
The researchers said one possible explanation was that it was an attempt to destabilise Ukraine as a whole. It was also possible these were test probes to determine vulnerabilities that could be exploited later, they said.
Writing by Matthias Williams; additional reporting by Eric Auchard; Editing by Ruth Pitchford