25:
173:
to disable the station's computer, making it impossible to monitor the station. Finally, the attackers tried to disable four of the stations SIPROTEC protective relays, which could not be detected by operators. Dragos concluded that the attackers intended the operators to re-engergise the station
169:. Siemens released a software patch in 2015 to fix the issue, but many relays weren't updated with it. Evidence from logs obtained by Dragos Security showed the attackers initially opened every circuit breaker in the transmission station, causing a power cut. Then an hour later they ran
152:
Dragos
Security concluded that the attack was not merely to cause short-term disruption but to cause long-lasting damage that could last weeks or months. The attackers had tried to cause physical damage to the station when the operators turned the grid back on. The attack used
174:
equipment, which could have injured engineers and damaged equipment. The data packets intended for the protective relays were sent to the wrong IP address. The operators may also have brought the station back online faster than attackers expected.
306:
386:
328:
89:
391:
376:
61:
371:
361:
182:
In April 2022, Ukrainian authorities announced that they had prevented a cyberattack that used malware similar to
Industroyer.
42:
68:
129:
just before midnight on 17 December 2016, and lasted for just over an hour. The national electricity transmission operator
296:
75:
381:
108:
157:
malware and has the ability to attack hardware including SIPROTEC protective relays. These protective relays open
57:
366:
46:
191:
146:
82:
333:
35:
133:
said that the attack had cut one fifth of the city's power consumption at that time of night.
142:
8:
301:
244:
170:
158:
292:
218:
162:
355:
165:
could put the relays in a state where it would be useless unless manually
297:"New Clues Show How Russia's Grid Hackers Aimed for Physical Destruction"
161:
if they detect dangerous conditions. A security flaw meant that a single
154:
122:
213:
211:
209:
207:
243:
Polityuk, Pavel; Vukmanovic, Oleg; Jewkes, Stephen (18 January 2017).
145:"North" at Pivnichna, outside the capital. It happened a year after a
130:
204:
24:
222:
166:
329:"Ukraine Thwarts Cyberattack on Electric Grid, Officials Say"
126:
242:
245:"Ukraine's power outage was a cyber attack - Ukrenergo"
49:. Unsourced material may be challenged and removed.
287:
285:
327:Rundle, James; Stupp, Catherine (12 April 2022).
283:
281:
279:
277:
275:
273:
271:
269:
267:
265:
353:
262:
16:Cyberattack on a power grid in Kyiv, Ukraine
326:
291:
109:Learn how and when to remove this message
147:previous attack on Ukraine's power grid
354:
219:"Ukraine power cut 'was cyber-attack'"
141:The attack affected the 330 kilowatt
47:adding citations to reliable sources
18:
177:
13:
125:happened in the Ukrainian capital
14:
403:
23:
392:December 2016 events in Ukraine
377:Kyiv in the Russo-Ukrainian War
309:from the original on 2019-09-13
34:needs additional citations for
387:Russian–Ukrainian cyberwarfare
372:December 2016 crimes in Europe
320:
236:
1:
362:Cyberattacks on energy sector
197:
7:
185:
10:
408:
136:
382:Power outages in Ukraine
334:The Wall Street Journal
192:Ukraine power grid hack
58:"2016 Kyiv cyberattack"
367:2016 crimes in Ukraine
143:electrical substation
43:improve this article
119:
118:
111:
93:
399:
346:
345:
343:
341:
324:
318:
317:
315:
314:
289:
260:
259:
257:
255:
240:
234:
233:
231:
230:
215:
178:Follow-on attack
159:circuit breakers
114:
107:
103:
100:
94:
92:
51:
27:
19:
407:
406:
402:
401:
400:
398:
397:
396:
352:
351:
350:
349:
339:
337:
325:
321:
312:
310:
293:Greenberg, Andy
290:
263:
253:
251:
241:
237:
228:
226:
217:
216:
205:
200:
188:
180:
139:
115:
104:
98:
95:
52:
50:
40:
28:
17:
12:
11:
5:
405:
395:
394:
389:
384:
379:
374:
369:
364:
348:
347:
319:
295:(2019-09-12).
261:
235:
202:
201:
199:
196:
195:
194:
187:
184:
179:
176:
138:
135:
117:
116:
31:
29:
22:
15:
9:
6:
4:
3:
2:
404:
393:
390:
388:
385:
383:
380:
378:
375:
373:
370:
368:
365:
363:
360:
359:
357:
336:
335:
330:
323:
308:
304:
303:
298:
294:
288:
286:
284:
282:
280:
278:
276:
274:
272:
270:
268:
266:
250:
246:
239:
224:
220:
214:
212:
210:
208:
203:
193:
190:
189:
183:
175:
172:
171:wiper malware
168:
164:
160:
156:
150:
148:
144:
134:
132:
128:
124:
113:
110:
102:
99:November 2023
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: –
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
338:. Retrieved
332:
322:
311:. Retrieved
300:
252:. Retrieved
248:
238:
227:. Retrieved
225:. 2017-01-11
181:
151:
140:
120:
105:
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
155:Industroyer
123:cyberattack
356:Categories
313:2022-07-07
229:2022-07-07
198:References
69:newspapers
131:Ukrenergo
307:Archived
223:BBC News
186:See also
167:rebooted
249:Reuters
83:scholar
340:23 May
254:23 May
163:packet
137:Attack
85:
78:
71:
64:
56:
302:Wired
90:JSTOR
76:books
342:2024
256:2024
127:Kyiv
62:news
45:by
358::
331:.
305:.
299:.
264:^
247:.
221:.
206:^
149:.
121:A
344:.
316:.
258:.
232:.
112:)
106:(
101:)
97:(
87:·
80:·
73:·
66:·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.