A cyber attack on a Ukrainian power plant that resulted in an electricity blackout last month was more widespread than previously thought, according to security software firm ESET.
Prykarpattyaoblenergo, a power company in Western Ukraine, reported an outage on 23 December that affected the nearby area including regional capital Ivano-Frankivsk.
At the time, Ukraine's state security service blamed the attack on Russia and the energy ministry in Kiev set up a commission to investigate the matter.
However, Robert Lipovsky, a senior malware researcher at ESET, said that similar malware was found in the networks of two other utilities, although these did not result in blackouts.
"The reported case was not an isolated incident," he said.
Experts with ESET and two other security firms, iSight and Trend Micro, believe the attackers used a malicious software platform known as ‘BlackEnergy’ to access utility networks, planting a related piece of malware, ‘KillDisk’, on targeted systems.
KillDisk is capable of deleting or overwrite data files but the researchers say they have yet to determine whether its job was to knock out power or simply conceal the attack.
Cyber criminals have been using versions of BlackEnergy since 2007 and over the past two years there have been widespread reports that a Moscow-backed group, Sandworm, has been using the software for targeted attacks.
"This is the first time we have proof and can tie malware to a particular outage," said Trend Micro senior researcher Kyle Wilhoit. "It is pretty scary."
Prykarpattyaoblenergo publicly blamed its outage on ‘interference’ in the working of its system but the Kremlin did not respond to a request for comment.
A string of cyber-attacks on Ukraine’s telecommunications system in 2014 were also blamed on Russia by the Ukrainian security agency.