THE BEST WORK of hackers tends to remain invisible. But when sophisticated intruders broke into the computer networks of regional energy firms in Ukraine in 2015 and cut power to roughly a quarter million people, their tampering didn’t go unnoticed. In this rare instance, the staff of one of those electric utilities managed to capture the hackers’ handiwork on video, which you can watch above.
Two days before Christmas in 2015, engineers at the Prykkarpatyaoblenergo regional energy company in Western Ukraine found themselves locked out of their PCs. More troubling still, their mouse cursors moved of their own accord. The workers watched as hackers methodically clicked on circuit breakers in their grid operation software, each time opening the breakers and cutting power to another swath of the region.
In the process of reporting our cover story on those blackouts— and the larger cyberwar affecting Ukraine—WIRED obtained a video that one of those engineers shot with his iPhone, recording a “phantom mouse” attack as it happened. The PC shown in the video was a test unit, not actually connected to Prykkarpatyaoblenergo’s grid equipment. But hackers used the same attack on every other networked computer connected to the company’s live electric-control systems, spurring six-hours of blackouts that extended to the Ukrainian city of Ivano-Frankivsk.
In WIRED’s investigation of that breach and another blackout that occurred in Ukraine a year later, we’ve tracked the evolution of those hackers: How they’ve graduated to using a digital weapon known as CrashOverride that can trigger Stuxnet-style automated attacks on infrastructure, and how those attacks may just be tests for future operations—perhaps against the United States.