The first known cyber attack to cause widespread public blackouts has occurred in Ukraine, it is believed. On December 23, an electricity blackout left about half the homes in the Ivano-Frankivsk region of Ukraine without power, according to local reports at the time. It is now believed by security researchers that the blackout was achieved by hackers using malicious code known as the BlackEnergy Trojan.
The attack is significant because it’s the first known time malware has been used to disrupt critical physical civilian services. Until now, most cyber attacks that have directly affected the public have remained in the digital realm (think the Target credit card hack or the Ashley Madison breach). Other malware attacks that have affected physical infrastructure before have been limited to industry or government installations, such as the cyber attack that caused physical damage at a German steel mill in 2014.
Cyber attacks such as this that affect physical services are an increasing worry to governments, as shutting down public infrastructure like the electricity grid could cause significant economic damage and even loss of life.
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of security researchers iSIGHT Partners, told Ars Technica. “It’s the major scenario we’ve all been concerned about for so long.”
It is not known who is behind the attack, but iSIGHT says it is likely the work of a group of hackers known as the Sandworm gang, which it says has ties to Russia. For their part, Ukrainian authorities are investigating the attack but have not publicly attributed it to any specific group.