Uncovering the Remote Access Trojan (RAT) Behind the Ukraine 2015 Cyberattack

    skycentral.co.uk | Uncovering the Remote Access Trojan (RAT) Behind the Ukraine 2015 Cyberattack


    The Cyberattack

    In December 2015, a cyberattack targeted the electric power grid in Ukraine, causing a widespread blackout. The attack was carried out using a Remote Access Trojan (RAT) that allowed the attackers to gain unauthorized access to critical systems and disrupt the power supply.

    The Remote Access Trojan (RAT)

    The RAT used in the Ukraine cyberattack was identified as BlackEnergy. It is a sophisticated malware tool that allows attackers to remotely control infected systems and steal sensitive information. BlackEnergy has been linked to various cyberattacks around the world and is known for its destructive capabilities.

    How BlackEnergy Works

    BlackEnergy is typically spread through phishing emails or by exploiting vulnerabilities in software. Once installed on a system, it allows attackers to execute commands, exfiltrate data, and carry out destructive actions. The malware is designed to evade detection and maintain persistence on infected systems.

    The Ukraine Cyberattack

    In the case of the Ukraine cyberattack, BlackEnergy was used to infiltrate the electric power grid’s control systems and disrupt operations. The attackers were able to remotely shut down critical infrastructure, leading to a widespread blackout and significant disruptions for thousands of people.

    Attribution and Response

    Following the Ukraine cyberattack, security researchers and government agencies conducted investigations to uncover the perpetrators. While the identity of the attackers remains unknown, there is widespread belief that the attack was state-sponsored. In response, Ukraine and other countries have taken steps to bolster their cybersecurity defenses and improve incident response capabilities.


    The Ukraine cyberattack highlighted the destructive potential of Remote Access Trojans like BlackEnergy. As cyber threats continue to evolve, it is essential for organizations and governments to stay vigilant and implement robust security measures to protect critical infrastructure from future attacks.