translated article states that BlackEnergy was detected in the network.
Due to the situation that has developed with cyber attacks on power companies, IT specialists of the airport carried out an inspection of its information systems and computers. The virus was quickly found and localized, which helped to avoid possible damage to data or to the company. The State Service of Special Communication and Information Protection of Ukraine (CERT-UA) was notified of this fact.

Ukrainian government sources also made some bold speculation, indicating that the use of BlackEnergy malware "may indicate purposeful actions and sabotage on the part of the Russian Federation."

Another quote from Ukrainian government sources indicated that the command and control (C2) server was located in Russia.
When working incident response and attack attribution engagements at Rendition Infosec, we always caution clients that attribution is difficult and improper attribution is common. Things are not always what they seem. In this case, the C2 server is in Russia, but that certainly doesn't mean that Russian actors are responsible. The server could be a legitimate business server in Russia that was hacked by a foreign group. It could also be a VPS, paid for via Bitcoin.

Until more supporting evidence is released, it is difficult to conclusively attribute this to Russia. We always recommend that attribution not be made based on IP addresses alone. In fact, unless the attackers want their activity attributed to Russia, placing a C2 server inside Russia would be a poor operational choice, so the server's location arguably points away from Russian involvement rather than toward it. Much better attribution data (malware samples, infrastructure overlaps with prior campaigns, tooling and tradecraft) will likely be collected as part of a larger incident response operation.
One thing is for sure - 2016 is going to be a fun year in Ukrainian cyber security.