The power cut that hit part of the Ukrainian capital, Kiev, in December has been judged a cyber-attack by researchers investigating the incident.
The blackout lasted just over an hour and started just before midnight on 17 December.
The cyber-security company Information Systems Security Partners (ISSP) has linked the incident to a hack and blackout in 2015 that affected 225,000.
It also said a series of other recent attacks in Ukraine were connected.
The 2016 power cut had amounted to a loss of about one-fifth of Kiev’s power consumption at that time of night, national energy company Ukrenergo said at the time.
It affected the Pivnichna substation outside the capital, and left people in part of the city and a surrounding area without electricity until shortly after 01:00
The attack took place almost exactly one year after a much larger hack on a regional electricity distribution company. That was later blamed on the Russian security services.
The latest attack has not publicly been attributed to any state actor, but Ukraine has said Russia directed thousands of cyber attacks towards it in the final months of 2016.
‘Not much different’
ISSP, a Ukrainian company investigating the incidents on behalf of Ukrenergo, now appears to be suggesting a firmer link.
It said that both the 2015 and 2016 attacks were connected, along with a series of hacks on other state institutions this December, including the national railway system, several government ministries and a national pension fund.
Oleksii Yasnskiy, head of ISSP labs, said: “The attacks in 2016 and 2015 were not much different – the only distinction was that the attacks of 2016 became more complex and were much better organised.”
He also said different criminal groups had worked together, and seemed to be testing techniques that could be used elsewhere in the world for sabotage.
However, David Emm, principal security Researcher at Kaspersky Lab, said it was was “hard to say for sure” if the incident was a trial run.
“It’s possible, but given that critical infrastructure facilities vary so widely – and therefore require different approaches to compromise the systems – the re-use of malware across systems is likely to be limited,” he told the BBC.
“On the other hand, if a system has proved to be porous in the past, it is likely to encourage further attempts.”
‘Acts of terrorism’
In December, Ukraine’s president, Petro Poroshenko, said hackers had targeted state institutions some 6,500 times in the last two months of 2016.
He said the incidents showed Russia was waging a cyber-war against the country.
“Acts of terrorism and sabotage on critical infrastructure facilities remain possible today,” Mr Poroshenko said during a meeting of the National Security and Defence Council, according to a statement released by his office.
“The investigation of a number of incidents indicated the complicity directly or indirectly of Russian security services.”