Russian hackers suspected in attack that blacked out parts of Ukraine

“Attribution is difficult and requires time,” said Robert M. Lee, an expert in defending industrial control systems against cyberattacks who teaches at the SANS Institute, a cyber-training organization.

Lee, who also has studied the code used in the attack, noted that analysts have not seen the malware that caused the power outage. Rather, the two sets of malware that they obtained were likely used to gain access to the system and perhaps to erase the attackers’ tracks.

“We’re still missing what caused the attack,” Lee said in a SANS webcast Tuesday.