At the end of December 2015, as many as 80,000 residents in Western Ukraine lost power. Subsequent investigation into the incident indicated that coordinated cyber attacks contributed to the power outages by disrupting control systems and flooding call centers. Some of the malware deployed contained destructive capabilities, which is fairly unusual for most APT campaigns. Many investigators have attributed this attack to Russia, with some speculating that it may be a precursor to larger-scale cyber attacks.
In this session, we will review the publicly available evidence and discuss the prevailing theories about the attacks and how the evidence supports them (or, in some cases, doesn't). We'll also examine some of the malware involved in the attack and discuss why certain capabilities may have been deployed. Finally, we'll discuss attack attribution and try to determine whether, based on the available evidence, we can come to the same conclusions as other analysts (and the media). This session will have content appropriate for all skill levels, including those without any previous ICS/SCADA exposure.