Getty Images / Scott Barbour

In a worrying sign of potential cyber attacks to come, thousands of people in Ukraine were left without electricity after hackers hit electrical substations, it has been claimed.

The power outage in the country, first reported by local news sources on December 23, took a regional control center offline and has been blamed on malware.


It's believed the BlackEnergy Trojan -- which started out as a tool to create denial of service (DDoS) attacks in 2007 and has since been developed into sophisticated malware -- was used to cause the blackout.

Security researchers iSIGHT Partners told Ars Technica that it had obtained samples of the code that had effected the regional power centers and caused the power loss in the Ivano-Frankivsk region of the country. The boss of a second security firm, Dragos Security, has also said that it has obtained some of the malware code that was used.

Read next A data fail left banks and councils exposed by a quick Google search A data fail left banks and councils exposed by a quick Google search

While cyber attacks are increasingly common they often tend to focus on commercial companies handling customer details: Ashley Maddison, Uber, TalkTalk and more were hit by forms of attacks recently. Malicious code, however, is less frequently successful at causing disruption in industrial environments.

In January 2015 physical damage from a cyber attack occurred for only the second time when a German steel mill was targeted. Hackers were said to disrupt the controls of a blast furnace so that it couldn't be shut down -- it was said "massive" damage was caused. The first known digital attack to have caused physical damage was at a uranium enrichment plant in Iran, the attack was launched by the U.S and Israel, in around 2008.

John Hultquist, a boss at iSIGHT said it the first "destructive event" he has seen that has caused a blackout. "It's the major scenario we've all been concerned about for so long," he told Ars.


Cyber attacks against infrastructure, such as electricity grids, have also been cause for alarm for politicians. In November, UK chancellor George Osborne confirmed almost £2bn in funding to help protect the UK from cyber attacks and so that it could develop its own. "If the lights go out, the banks stop working, the hospitals stop functioning or government itself can no longer operate, the impact on society could be catastrophic," Osborne said at the time.

Though it hasn't been confirmed who was behind the potential cyber attack, Ukrainian security services almost immediately claimed Russia was the root cause.

The energy ministry in Ukraine has set up a "special commission" to investigate what happened but only after it blamed its close neighbours, Reuters reports said.