Ukraine is ramping up its cyber security after a suspected attack by Russian hackers on a computer at its main international airport, just weeks after similar malicious software was blamed for helping to cause power cuts in western Ukraine.
Ukrainian state cyber-security agency Cert-UA urged computer administrators to check their networks for a virus called Black Energy, evidence of which was reportedly found on computers at Kiev’s Boryspil airport and three electricity firms that were affected in late December.
Analysts warn cyber attacks could be a new tactic in Russia’s aggression against Ukraine’s pro-western government, following the annexation of Crimea, support for separatists in eastern regions and engagement in a trade war.
"On January 15th specialists discovered that one of the work stations at Boryspil airport was infected with the Black Energy virus," said Andriy Lysenko, a spokesman for Ukraine's military.
“The infected computer was isolated from the computer infrastructure of the airport and the incident was reported to experts at the Cert-UA group.”
Shadowy groups
“This was already the second case, and was very similar to what happened earlier in Ivano-Frankivsk. We suspect that this attack came from Russia.”
On December 23rd, electricity was cut for six hours to about 80,000 people in and around Ivano-Frankivsk, a city of some 230,000 people about 200km from the Polish border.
Ukraine’s security service blamed the incident on its counterpart in Russia, while international computer experts said the attack raised the prospect of more frequent and damaging attacks by shadowy groups on civilian infrastructure.
US cyber-intelligence firm iSIGHT Partners said: “This incident is a milestone because it is the first major cyber attack to substantially affect the civilian population and because of the overwhelming importance of the grid to multiple reliant sectors.”
The company said the use of Black Energy as a key element of the attack, and other evidence gathered, pointed to the involvement of a Russian hacking group called Sandworm.
"It is a Russian actor operating with alignment to the interest of the state," John Hultquist, iSight's director of espionage analysis, told Reuters recently.
Analyse the attack
Experts in cyber security at the US department of homeland security are working with Ukrainian colleagues to analyse the attack on the power grid.
They said in a statement this month “a Black Energy 3 variant was present in the system” affected, but could not confirm “a causal link between the power outage with the presence of the malware”, which appeared to have infected the energy companies’ computers “via a malicious Microsoft Office attachment”.
In response to the suspected airport attack, Ukraine’s infrastructure ministry said it would review the cyber security of its facilities and companies.