'State-sponsored' hackers targeted EirGrid electricity network in 'devious attack'
The company that manages the country's electricity grid was targeted by "state-sponsored" hackers, leaving its network exposed to a "devious attack".
The hackers, using IP addresses sourced in Ghana and Bulgaria, gained access to a Vodafone network used by Irish operator EirGrid in the UK, the Irish Independent can reveal.
Following the original attack in April hackers then compromised the routers used by EirGrid in Wales and Northern Ireland.
They did this by installing a virtual wire tap on the system so that they had access to all of unencrypted communications sent to and from the companies.
The breach was discovered last month, but sources say it is still not known if any malicious software was secreted onto EirGrid's control systems.
State-owned EirGrid manages and operates the electricity transmission grid across the island of Ireland. EirGrid moves wholesale power around the country. A breach of the system could result in power outages across the island.
Malware has previously been used in the Ukraine by suspected Russian hackers to cause major national power outages.
The Irish Independent has learned that the hack came to light after a tip-off from Vodafone and the National Cyber Security centre in the UK to EirGrid.
The original breach took place on April 20 and lasted just short of seven hours.
A source said that both Vodafone and the National Cyber Security Centre believed it was a "state-sponsored attack".
The breach of the Vodafone network allowed the hackers to create a type of wire tap known as Generic Routing Encapsulation (GRE) to tunnel into EirGrid's Vodafone router located in Shotton.
Household customer information was not stored on the EirGrid computers but information pertaining to commercial customers would have been transferred over the compromised network.
David Martin, spokesperson for EirGrid Group, said: "We are aware of the currently reported focus on energy companies and national infrastructure and wish to state that our computer systems have not been breached."
A spokesman for Vodafone said it did not comment on specific security incidents.
"In such cases we always work closely with the relevant authorities to investigate and take immediate actions to contain the issue and protect our customers," he said.