U.S. Firm Blames Russian 'Sandworm' Hackers for Ukraine Power Outage

U.S. cyber intelligence firm iSight Partners said on Thursday it has determined that a Russian hacking group known as Sandworm caused last month's unprecedented power outage in Ukraine.

"We believe that Sandworm was responsible," iSight's director of espionage analysis, John Hultquist, said in an interview.

The conclusion was based on analysis of malicious software known as Black Energy 3 and KillDisk, which were used in the attack, and intelligence from "sensitive sources," he said.

The Dec. 23 outage at Western Ukraine's Prykarpattya Oblenergo cut power to 80,000 customers for about six hours, according to a report from a U.S. energy industry security group.

Ukraine's SBU state security service has blamed Russia, but the nation's Energy Ministry said it would hold off on attribution until after it finishes a formal probe.

Other firms have linked that malware to the attack. But iSight is the first firm to so confidently assert that Sandworm was responsible.

ISight said it is not clear whether Sandworm is working directly for Moscow. The group is named Sandworm because references to the "Dune" science-fiction series are embedded in its malware.

"It is a Russian actor operating with alignment to the interest of the state," Hultquist said. "Whether or not it's freelance, we don't know."

To date, it has primarily engaged in espionage, including a string of attacks in the United States using Black Energy that prompted a December 2014 alert from the Department of Homeland Security, according to iSight.

That alert said a sophisticated malware campaign had compromised some U.S. industrial control systems. A DHS spokesman declined to comment Thursday on iSight's findings.

While no outages or physical destruction was reported in conjunction with those attacks in the United States, some experts said that may be simply because the attackers did not want to go that far.

"It's not a major stretch to conclude the difference in the outcomes of the attacks in the Ukraine versus those in the United States were an issue of intent not capability," said Eric Cornelius, managing director of cyber security firm Cylance Inc and former DHS official responsible for securing critical infrastructure.

"It would be naive to say the same attackers couldn't successfully execute in the United States," said Chris Blask, executive director of the Industrial Control System Information Sharing and Analysis Center.

ISight said Sandworm was also behind previously reported attacks on Ukrainian officials, EU and NATO members as well as media companies in Ukraine.

  • 08.01.2016