Researchers have uncovered more evidence tying Russia to what they say is the first major blackout caused by hackers.
On Dec. 23, the power went out in roughly half the homes in Ukraine’s Ivano-Frankivsk region. Within a week, the Ukrainian government said the malware behind the assault was linked to Russia, but offered no specifics.
Cybersecurity firm Eset identified the malware used in the attack as part of the BlackEnergy family.
BlackEnergy has been linked in recent months to a series of suspected Russian cyberattacks on Ukrainian news outlets during the 2015 local elections. It’s also believed the malware was used in 2014 for Russian intelligence-gathering operations on Ukrainian government targets.
Tensions have been running high between Ukraine and Russia since Moscow annexed Crimea last year and began supporting pro-Russian separatists in Ukraine.
Eset said the western Ukraine power company hit by the digital assault was not the only one that hackers were trying to compromise using BlackEnergy.
“Currently we know of several electricity distribution companies in Ukraine ... that have been targeted by cybercriminals,” the company said in its post.
“Additionally, BlackEnergy was also detected at electricity companies earlier in 2015,” it added. “It is possible that the cybercriminals were then at the preparatory stage of the attack.”
The successful attack, which left roughly 700,000 homes temporarily without power, is being billed as the first-ever instance in which hackers caused a major blackout.
Officials, lawmakers and security specialists have long warned about the threat.
Experts say energy companies, while aware of the possibility, are still scrambling to shore up their digital defenses, leaving vital infrastructure exposed to hackers.
“Critical infrastructure has not been upgraded to thwart cyber-attacks — in large part because infrastructure was never internet-enabled and ‘connected’ until now," said Deepak Patel, director of security strategy at cybersecurity firm Imperva, in a statement. "But this vulnerability could be significantly disruptive if exploited."
In the U.S., officials say hackers from Russia, Iran and China are all probing the U.S. power grid for vulnerabilities.
National Security Agency Director Adm. Michael Rogers even acknowledged to lawmakers that China and “one or two” other countries could actually shut down portions of critical U.S. infrastructure using a cyberattack.
Just last month, it was revealed that Iranian hackers had infiltrated a small New York dam in 2013. According to investigators, the hackers were examining the facility’s cybersecurity measures.