Concluding
Based on both the theoretical proof as well as the practical proof the sad conclusion is that the Horus scenario can in fact be realized. Furthermore, it’s much easier to exploit now in 2025 then it was back in 2017 when this website was first created. It is possible for an attacker to shut down large parts of entire continental power grids this way. Any power grid with a significant amount of PV installations in place should be considered vulnerable.
Threat actors
Nation states are very likely to be able to execute this attack, especially with vendor cooperation where the default features enable these kind of attacks.
Furthermore skilled individual hackers or ransomware groups should also be considered capable of executing this attack, given the relative ease and frequency with which vulnerabilities have been found in these systems and credentials have been traded and sold on the darkweb.
Expectations
In the worst case scenario an attacker compromises enough devices and manipulates all these devices close to simultaneous causing threshold values to be hit. Powergrids start failing and due to the import and export of power cascading blackouts start occuring. Several other power sources, such as windmills and nuclear power automatically shut down to protect the grid and amplify the attack further. Despite their best efforts power grid regulators are unable to stop the attack. It is only after the sun sets, or when there is no longer enough sunshine for the attack to take place, that the grid may stabilize again. Depending on the authorities way of dealing with this attack, this scenario may keep going for several days or even weeks as configurations which hinder recovery can also be applied to the affected systems. In addition it’s likely that an attack such as this, can also be used to increase the chance of starting electrical fires, depending on how much this chance increases and how many fires would actually start near simultaneously, the final result of the attack may be even worse.
Costs
Using a blackout simulator tool it is possible to estimate the costs of this scenario happening. A 3 hour power outage across Europe, somewhere mid day on June is estimated to cause +/- 4.5 billion euros of damage. We should also consider the impact it may have on human lives, as previous outages (e.g. the Iberian outage) are known to cause problems which sometimes end fatally.
What can we do?
That depends a lot on who you are and what your role is, but any effort to mitigate this issue is much appreciated. An overview of recommendations per actor can be found here.