Hackers caused a power outage in Ukraine during holiday season, researchers say, signalling a potentially troubling new escalation in digital attacks.

"This is the first incident we know of where an attack caused a blackout," said John Hultquist, head of iSIGHT Partner's cyberespionage intelligence practice. "It's always been the scenario we've been worried about for years because it has ramifications across broad sectors."

Half of the homes in Ukraine's Ivano-Frankivsk region were left without power for several hours on December 23rd, according to a local report that attributed the blackout to a virus that disconnected electrical substations from the grid. Researchers at iSight on Monday said their analysis of malware found on the systems of at least three regional electrical operators confirmed that a "destructive" cyberattack led to the power outage.

Electrical outages can lead to ripple effects that leave communities struggling with things like transportation and communication, according to security experts who have long warned about the potential for cyberattacks on the power grid.

In this case, the attackers used a kind of malware that wiped files off computer systems, shutting them down and resulting in the blackout, Hultquist said. At least one of the power systems was also infected with a type of malware known as BlackEnergy. A similar combination was used against some Ukrainian media organizations during local elections last year, he said.

A blog post from cybersecurity company ESET also reported that BlackEnergy malware helped deliver the destructive component "in attacks against Ukrainian news media companies and against the electrical power industry."

While ESET's analysis showed the destructive element was "theoretically capable of shutting down critical systems," it said BlackEnergy malware's ability to take control of a system would give attackers enough access to take down the computers. In that case, the destructive element may have been a way to make it harder to get the systems up and running again, according to ESET.