The attack that shut down the power in Kiev in the Ukraine was the result of a cyberattack, said officials at the national power company Ukrenergo.
Ukrenergo officials said a preliminary analysis showed the normal operation of workstations and SCADA servers had been disrupted due to “external influences,” according to reports.
Investigators are trying to trace other potentially infected computers and establish the source of the breach.
The analysis indicates the incident, described as a planned and layered intrusion, involved malware that allowed the attackers to remotely control internal systems.
“The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion,” Ukrenergo said in a report email to Reuters.
Investigators are in the process of establishing a timeline of events and identifying compromised accounts, points of entry, and devices infected with malware that may be lying dormant.
Ukrenergo said the results of this investigation will help the company implement organizational and technological measures that would help prevent cyber threats and reduce the risk of power failure.
The incident took place on the night between December 17 and 18 at the substation in Pivnichna, causing blackouts in the capital city of Kiev and the Kiev region. Power ended up fully restored after an hour.
Ukrenergo officials immediately suspected external interference and brought in cybersecurity experts to conduct an investigation.
One of the experts involved in the probe said the 2016 attacks were more sophisticated and better organized compared to the ones launched in December 2015.