Russian Malware Can Take Down Power Grids

Tech researchers announce that hackers associated with Russia were most likely to blame for leaving a quarter-million Ukrainian people in the dark in December 2016.

[Image: power lines. Courtesy Wikimedia Commons]

Researchers at Internet security company ESET announced today that a December 2016 power failure in Kiev, Ukraine, was most likely the result of a malware program named either “Industroyer” or “Crash Override.” “Industroyer is a particularly dangerous threat,” writes Anton Cherepanov, “since it is capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).” The outage struck mysteriously almost exactly a year after a similar one hit the country in 2015.

“Thanks to its ability to persist in the system and provide valuable information for tuning-up the highly configurable payloads, attackers could adapt the malware to any environment, which makes it extremely dangerous.” — “Industroyer: Biggest threat to industrial control systems since Stuxnet,” by Anton Cherepanov, WeLiveSecurity by ESET

“That’s largely what happened in 2015, when hackers — said to be associated with Russia — attacked a critical power supply in Ukraine, during a time when relations between the two states were fractious after Russia annexed the Crimean peninsula in 2014.” — “Russian malware ‘likely’ to blame for Ukrainian power grid attack,” by Zack Whittaker, ZDNet

“But with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report on Monday.” — “Russia has developed a cyberweapon that can disrupt power grids, according to new research,” by Ellen Nakashima, The Washington Post

“Like Stuxnet, attackers could program elements of Crash Override to run without any feedback from operators, even on a network that’s disconnected from the internet—what Lee describes as a ‘logic bomb’ functionality, meaning it could be programmed to automatically detonate at a preset time. From the hacker’s point of view, he adds, ‘you can be confident it will cause disruption without your interaction.’” — “Crash Override: The Malware that Took Down a Power Grid,” by Andy Greenberg, Wired

About the Author

Greig O'Brien

Greig O'Brien is the former managing editor of ARCHITECT. He also held other titles in Hanley Wood's Design Group: Residential Architect and Architectural Lighting.