Party Vibe

read a couple more reports today (one was in German though from the Federal Cybersecurity Ministry) – someone there managed to wreck a blast furnace using similar tactics; most likely a disgruntled insider as they would need to know exactly what commands to use and which physical systems to disrupt.

in UA what the hackers actually did was get into the power control network; send the GOOSE message to open up all the HV breakers (this is the equivalent of pressing the green test button on the RCD in a distribution board); and then they used their backdoor to wipe all the system files on the PCs controlling the power network. As this is usually proprietary software which often has to be activated by the vendors/resellers to check the licensing conditions, reinstalling it is not a trivial job and such systems are often deployed to reduce the headcount of proper trained electrical engineers who could get the power back on manually in a safe manner (that isn’t easy as you are dealing with anything from 10 000V to 400 000 V or more depending on which bits of the HV network have been attacked…

@tryptameanie 976471 wrote:

The massive hackof the step7 control system by stuxnet and the ensuing leak of the code and of course following that every hacker and his granny was gonna be in that shit. Must make people very wary.

given that both UA and DE were targeted hints strongly at the vuln being linked to Siemens Automation equipment as the USSR very often uses German equipment for their industrial systems and has done for decades.

the papers also warn against the widespread misuses of these systems to save headcount and reduce “boots on the ground” which are the best way of preventing these incidents; a trained human will know “that is not a good idea to open those breakers all at once” and there should always be a manual override in the system + an engineer who can attend on call to fix stuff but there is a global shortage of them.