A Ukrainian government official said Thursday that Russian military hackers caused a power outage in parts of Ukraine last year, a previously unpublicized cyberattack that adds to concerns about the vulnerability of critical infrastructure.
It is unclear how many people or places were without power or for how long.
The attack, which happened in October last year, is only the third known time that hackers successfully penetrated an energy system and caused a power outage. The other two incidents, in 2015 and 2016, were also in Ukraine, and the perpetrators have been widely attributed to the same unit in Russia’s military intelligence agency, the GRU.
Details of the hack are complicated by the fact that much of Ukraine was under missile attacks around the same time. Russia physically damaged some of the infrastructure, making it even more difficult for responders to restore power.
Victor Zhora, head of Ukraine’s cyber defense agency, told NBC News that it was an example of Russia coordinating its cyberattacks and kinetic attacks against the same target.
“They focus on the energy sector, on critical infrastructure. They strike it with cruise missiles, and they will continuously attempt to hit with cyber tools,” he said. “That’s the trend, that they are focusing on civilian targets.
Mandiant, a cybersecurity company owned by Google, also released a report on the incident Thursday.
Zhora and Mandiant declined to share many specifics about the attack, including the precise nature of the facility that was hacked, where it was located or how many people or places lost power because of it.
The Russian Foreign Affairs Ministry didn’t respond to an emailed request for comment.
Many countries including the United States, China and Russia routinely engage in spying and espionage, but successful cyberattacks on the power grid are extremely rare. Destructive cyberattacks on critical infrastructure could be seen as an act of war.
The computer operating systems for industrial machinery are often highly specialized and can be confusing to hackers who might gain access, making it unlikely for anyone but a large, dedicated and well-resourced hacker group affiliated or working on behalf of a government to be able to pull off such an attack.
During its invasion of Ukraine, Russia has damaged far more power infrastructure with missiles rather than with cyberattacks.
While the U.S. has never fallen victim to such a cyberattack, federal officials have warned of the possibility that its adversaries could launch one. This summer, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said that China likely had such capabilities and could deploy them against the U.S. in times of major conflict, like if it were to invade Taiwan.
In April last year, Ukraine said it had successfully thwarted a major cyberattack that could have cut power to 2 million people.
“That case was a signal for all of us that we should work harder and improve the situation immediately because it can cause real issues for all of us,” Zhora said.
Ukraine is redoubling efforts to protect power infrastructure from hackers because it fears Russia will continue to attack as the weather turns cold, Zhora said.
“I hope that we use this year to become more prepared, to expect attacks during this autumn and winter,” he said.