Two researchers have confirmed that a December 2016 blackout in Ukraine was the result of a hacking campaign that began with spear-phishing attacks carrying malware (see Ukrainian Power Grid Blackout Alert: Potential Hack Attack).
Their findings increase concerns that many industrial control and supervisory control and data acquisition systems remain dangerously vulnerable to hack attacks.