Malicious Code Analysis on Ukraine's Power Grid Incident
released on 2016-01-18 @ 07:11:19 PM
At the end of December 2015, the networks of several Ukrainian power distribution companies were attacked by
hackers, leaving parts of western Ukraine without electricity. The Security Service of Ukraine (SBU)
stated that Russian intelligence had planted malicious software in the power grid, which caused
an unplanned shutdown of power facilities. A few days later, security teams outside Ukraine reported that the
incident was linked to the BlackEnergy trojan and that related malicious code samples had been
obtained and analyzed.
The Knownsec Security Team has followed this incident since it occurred. This report
documents the analysis and tracing of the incident from beginning to end.