Russian hackers in 2016 cyber attack on Ukraine's power grid intended to damage transmission stations

The attack that blacked out most of the capital city Kyiv was intended to cause physical damage, claims new report

The hackers behind the 2016 cyber attack on Ukraine's power grid had aimed to create the conditions to inflict physical damage on the targeted transmission station.

That's according to a new study by researchers at the cyber security firm Dragos, who recreated the timeline of the attack in an attempt to shed new light on its real motives.

In December 2016, Russian hackers planted malware called "Crash Override" or "Industroyer" in the network of Ukrenergo, Ukraine's national grid operator. The malicious programme was then used at around midnight, just two days before Christmas, to trip every circuit breaker in a power transmission station located close to Kyiv, Ukraine's capital.

The result was a blackout that quickly enveloped most of Kyiv.

Although Ukrenergo's engineers were able to restore power in about an hour, the incident left experts with many unanswered questions, such as why Russian hackers would use sophisticated malware to trigger just a one-hour blackout in Ukraine.

The new study, published in a paper [pdf] entitled "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack", attempts to offer potential answers to such questions.

In this study, the researchers re-examined the malware's code as well as the network logs of Ukrenergo's systems. They concluded that the hackers had actually aimed to cause physical damage that would have prolonged the blackout to several weeks and could also have put the lives of on-site operators at risk.

According to the researchers, the hackers first deployed "Crash Override" and used it to trip every circuit breaker in the grid station, which caused the blackout in Kyiv.

Then, about an hour later, they disabled the station's digital systems to prevent operators from monitoring them.

Lastly, the hackers exploited a known security bug in the station's Siprotec protective relays to disable that equipment, leaving the station susceptible to dangerously high electrical frequencies.

Protective relays are devices used to monitor high currents and frequencies at the grid station.

Although Siemens had released a patch in 2015 to fix the vulnerability, many grid stations in Ukraine failed to update their systems in a timely manner. That gave the hackers an opportunity to put the device to sleep simply by sending an electrical impulse.
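The staged sequence described above (a burst of breaker trips, loss of operator visibility about an hour later, then protective relays falling silent) is exactly what a grid operator's monitoring would want to correlate. The detector below is an added example, not code from the article or from Dragos; its log format, event names, device names, dates and thresholds are all constructed for illustration.

```python
"""Added example (not from the article or the Dragos paper): flag the
three-stage sequence described above in a substation event log. The log
format, event names, device names, dates and thresholds are constructed."""
from datetime import datetime, timedelta

# Constructed log, "timestamp,event,device"; dates are placeholders.
SAMPLE_LOG = """\
2024-01-01T23:50:00,BREAKER_OPEN,cb-01
2024-01-01T23:50:02,BREAKER_OPEN,cb-02
2024-01-01T23:50:03,BREAKER_OPEN,cb-03
2024-01-01T23:50:05,BREAKER_OPEN,cb-04
2024-01-01T23:50:07,BREAKER_OPEN,cb-05
2024-01-02T00:48:00,HMI_OFFLINE,scada-srv-1
2024-01-02T00:49:30,RELAY_UNREACHABLE,relay-1
2024-01-02T00:49:31,RELAY_UNREACHABLE,relay-2
"""

def parse_log(text):
    """Parse 'timestamp,event,device' lines into (datetime, event, device)."""
    events = []
    for line in text.strip().splitlines():
        ts, event, device = line.split(",")
        events.append((datetime.fromisoformat(ts), event, device))
    return events

def detect_protection_focused_attack(events, min_breakers=4,
                                     trip_window=timedelta(seconds=60),
                                     follow_up=timedelta(hours=2)):
    """Return the stages seen, in order, as (stage_name, first_timestamp)."""
    findings = []
    trips = [(ts, dev) for ts, ev, dev in events if ev == "BREAKER_OPEN"]
    # Stage 1: many distinct breakers opened inside one short window.
    t1 = next((ts for ts, _ in trips
               if len({d for t, d in trips if ts <= t <= ts + trip_window})
               >= min_breakers), None)
    if t1 is None:
        return findings
    findings.append(("mass_breaker_trip", t1))
    later = [e for e in events if t1 < e[0] <= t1 + follow_up]
    # Stage 2: the monitoring host is taken down, blinding operators.
    blind = [ts for ts, ev, _ in later if ev == "HMI_OFFLINE"]
    if blind:
        findings.append(("monitoring_disabled", min(blind)))
    # Stage 3: protective relays stop answering while breakers are open.
    silent = [ts for ts, ev, _ in later if ev == "RELAY_UNREACHABLE"]
    if silent:
        findings.append(("relays_unreachable", min(silent)))
    return findings
```

Run against the constructed log it reports all three stages in order; a log with only one or two breaker trips produces no finding at all, since the first stage gates the rest.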

Ukraine is not the only country in the world where hackers have repeatedly tried to target and disrupt the power supply.

In 2013, a Congressional report claimed that American utility providers were under constant assault from hackers, with one electricity firm reporting 10,000 attempted cyberattacks in a single month.

In June, it was reported that American Cyber Command had also deployed malware into Russian power grid systems to enable the US to potentially conduct cyberattacks in the event of a major conflict with Russia.