BERLIN — A coordinated cyber attack on industrial control systems managing electricity distribution in Germany, Austria, and the Czech Republic caused rolling power outages affecting an estimated 2.3 million households and businesses for between four and nine hours on Tuesday, according to energy operators and government officials.
The attack targeted SCADA (Supervisory Control and Data Acquisition) systems at three regional grid operators simultaneously, using malware variants that security researchers from ESET and CrowdStrike described as a significantly evolved iteration of the Industroyer family of industrial sabotage tools, which were previously linked to Russian state-sponsored threat actors.
Attribution and Response
Neither the German nor Austrian governments have formally attributed the attack to a specific state actor, though senior officials speaking on background pointed to circumstantial indicators consistent with Russian military intelligence. The EU's cyber security agency ENISA activated its emergency response protocol and dispatched technical assistance teams to all three affected countries.
"This is the largest coordinated infrastructure attack on European soil since the 2015 Ukraine grid attack," said Jens Matthias, director of Germany's Federal Office for Information Security (BSI). "The sophistication level tells us this was prepared well in advance by an actor with considerable resources."