According to computer security specialist ESET, attackers were able to infiltrate power station computers by using malware-laden Microsoft Office documents. Using social engineering techniques, the files were activated by power station employees, who unwittingly deployed the BlackEnergy trojan. The malware can "plant a KillDisk component" that makes key terminals unbootable or open backdoors that allow external access.

It's believed that Russian hackers known as The Sandworm Team are behind the attack, who have targeted Ukrainian energy suppliers in the past and successfully infected providers in the US and Europe. The Financial Times reports that Ukraine's energy ministry is still conducting a probe into what caused the shutdown. "So far the most likely version is interference in the workings of the automated control systems," said Prykarpattyaoblenergo technical director Oleg Senik. He also said engineers are also having to "manually" fix each substation to restore power in the area.