2016 Kyiv cyberattack


A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour. The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night.

Attack

The attack affected the electrical substation at Pivnichna, outside the capital. It happened a year after a previous attack on Ukraine's power grid.

Dragos Security concluded that the attack was intended not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months. The attackers had tried to cause physical damage to the station when the operators turned the grid back on. The attack used Industroyer malware, which has the ability to attack hardware including SIPROTEC protective relays. These protective relays open circuit breakers if they detect dangerous conditions. A security flaw meant that a single packet could put a relay in a state where it would be useless unless manually rebooted. Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it.

Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut. Then an hour later they ran wiper malware to disable the station's computer, making it impossible to monitor the station. Finally, the attackers tried to disable four of the station's SIPROTEC protective relays, an action that could not be detected by operators. Dragos concluded that the attackers intended the operators to re-energise the station equipment with the protective relays disabled, which could have injured engineers and damaged equipment. However, the data packets intended for the protective relays were sent to the wrong IP address. The operators may also have brought the station back online faster than attackers expected.
