Power plant workers

A December power outage in Ukraine affecting 225,000 customers was the result of a cyber attack, the U.S. Department of Homeland Security said Thursday, marking the first time the U.S. government officially recognized the blackout as caused by a malicious hack.

Security experts had already widely concluded that the downing of utilities in western Ukraine on December 23 was due to an attack, which is believed to be the first known successful cyber intrusion to knock a power grid offline.

The published alert from DHS’s Industrial Control Systems Cyber Emergency Response Team does not confirm attribution of the attack. But U.S. cyber intelligence firm iSight Partners and other security researchers have linked the incident to a Russian hacking group known as “Sandworm.”

DHS said its assessment was based on interviews with six Ukrainian organizations affected by the blackout and said its investigators were not able to independently review technical evidence.

During the attack, hackers remotely switched breakers in a way that cut power after installing malware, DHS said.

The attackers are also believed to have spammed the Ukraine utility’s customer-service center with phone calls in order to prevent real customers from communicating about their downed power, according to a report released last month by Washington-base SANS Inc.