December 2015 Ukraine power grid cyberattack


On 23 December 2015, hackers were able to successfully compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt the electricity supply to consumers. It is considered to be the first known successful cyberattack on a power grid.
Most affected were consumers of «Prykarpattyaoblenergo» : 30 substations were switched off, and about 230 thousand people were left without electricity for a period from 1 to 6 hours.
At the same time consumers of two other energy distribution companies, «Chernivtsioblenergo» and «Kyivoblenergo» were also affected by a cyberattack, but at a smaller scale. According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.
It has been argued that the Ukraine power grid cyberattack is of limited relevance for concerns over hacking of grids in connection with expanding use of renewable energy, as the Ukraine case took place under special conditions that do not apply elsewhere.

Description

The cyberattack was complex and consisted of the following steps:
In total, up to 73 MWh of electricity was not supplied.
Cyber attacks on the energy distribution companies took place during an ongoing conflict in the Ukraine and is attributed to a Russian advanced persistent threat group known as "Sandworm".