As of January, it was not clear whether the Ukrainian power outages had been caused by an “Off-net Operation,” similar to Stuxnet, where malware sent “Open” commands to breakers autonomously without a human operator involved, or an “On-net Operation,” where human attackers exerted direct control over the affected systems in real time. Since our last Advisory, two reports have been released that make it clear this was an “On-net Operation,” and it was carried out using relatively unsophisticated tools and tactics, but using them as part of a very sophisticated, highly synchronized and coordinated attack.