A cyberattack in late December on a power plant in the Ukraine "demonstrated planning, coordination and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage," according to Michael Assante, SANS ICS director, writing Saturday on the SANS Industrial Control Systems Security Blog.
The intrusion into the production SCADA systems that cut off power to 700,000 customers was carried out with malware that likely prevented system operators from noticing the attack, Assante wrote, while a remote attacker opened breakers, disassembling sections of the network. As well, a DDoS attack on the utility's customer service center led to a flurry of fake calls that prevented those affected from alerting officials.
This is believed to be the first major blackout caused by hackers.
