Ukrainian Nuclear Power Plant Cryptomining Arrest

By   ISBuzz Team
Writer , Information Security Buzz | Aug 26, 2019 12:14 pm PST

The Security Service of Ukraine (SBU) last month discovered unauthorized computer equipment at the South Ukraine Nuclear Power Station near the city of Yuzhnoukrainsk in the Mykolaiv province.

Investigators found that workers, possibly with assistance from some of the National Guard troops that protected the facility, were running a cryptocurrency mining operation. They were not using plant equipment — they took their own mining rigs into an administrative building — but they were using the organization’s electricity network to power their devices.

Cryptocurrency mining equipment requires a lot of power and entities involved in these types of activities often look for locations with inexpensive electricity.

In addition to stealing electricity from the power plant, the individuals responsible for the operation connected their equipment to the organization’s intranet and to the internet, which reportedly led to the exposure of classified information about the facility’s physical security. This type of information is said to represent a state secret.

Investigators uncovered video cards, switches, storage devices, power supplies, motherboards, and cables and other accessories in the room from where the operation was run.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Casey Ellis
Casey Ellis , CTO and Founder
InfoSec Expert
August 26, 2019 8:22 pm

There’s an ever growing set of ways to illegally monetize IT assets. When electrical power can be converted directly into cash, the consequences can be quite bizarre, such as what’s unfolding here.

The challenge with cyber crimes like this – especially given the motivation and the model are so new – is that collateral damage can be unpredictable and widespread. It’s very atypical that a bitcoin mining ring would bridge an air gap in a nuclear facility, so predicting this outcome would have been extremely difficult. However by implementing vigilant, continuous, adversarial minded scrutiny of potential gaps, threats and leaks, we can continuously identify risks when these sorts of crimes take place.

Crowdsourced security can provide an added layer of defense to IT assets and help stop cryptomining – whether they are launched by an insider threat or an outside attacker. By employing a crowd of good-faith hackers to uncover vulnerabilities, like the ones cryptominers exploit, organizations can secure these potential liabilities before bad actors can take advantage.

Last edited 4 years ago by Casey Ellis
Phil Neray
Phil Neray , VP of Industrial Cybersecurity
InfoSec Expert
August 26, 2019 8:20 pm

A critical infrastructure and industrial cybersecurity firm based in Boston, \”Anyone seen the \’Chernobyl\’ mini-series? In the latest news out of Ukraine, nuclear plant engineers installed unauthorized devices plus an Internet connection in their internal network, which likely went undetected for months or longer, exposing critical infrastructure to potentially catastrophic safety issues. This is a great example of \’trust but verify\’ — even with the strictest policies and regulations in the world, it\’s all theoretical if you aren\’t continuously monitoring for unusual or unauthorized activity.

Last edited 4 years ago by Phil Neray

Recent Posts

Would love your thoughts, please comment.x