Industroyer[1] (also referred to as Crashoverride) is a malware framework considered to have been used in the cyberattack on Ukraine’s power grid on December 17, 2016. [2] [3] [4] The attack cut a fifth of Kyiv, the capital, off power for one hour and is considered to have been a large-scale test. [5] [6] The Kyiv incident was the second cyberattack on Ukraine's power grid in two years. The first attack occurred on December 23, 2015.[7] Industroyer is the first ever known malware specifically designed to attack electrical grids. [8] At the same time, it is the fourth malware publicly revealed to target industrial control systems, after Stuxnet, Havex, and BlackEnergy.

Discovery and naming

The malware was discovered by Slovak internet security company ESET. ESET and most of the cybersecurity companies detect it under the name “Industroyer”.[9] [10] Cybersecurity firm Dragos named the malware “Crashoverride”. [8] In 2022, the Russian hacker group Sandworm initiated a blackout in Ukraine using a variant of Industroyer aptly dubbed Industroyer2.[11]

Description

The detailed analysis of Industroyer [12] revealed that the malware was designed to disrupt the working processes of industrial control systems, specifically those used in electrical substations. Industroyer is modular malware; its main components are the following:

See also

References

  1. ^ Spanish Video CCN-CERT STICS Conference 2017. "Video-Youtube". YouTube.((cite web)): CS1 maint: numeric names: authors list (link)
  2. ^ "NPC Ukrenergo official statement". Facebook. 18 December 2016.
  3. ^ Pavel Polityuk, Oleg Vukmanovic and Stephen Jewkes (18 January 2017). "Ukraine's power outage was a cyber attack: Ukrenergo". Reuters.
  4. ^ Cherepanov, Anton (17 June 2017). "Industroyer: Biggest threat to industrial control systems since Stuxnet". www.welivesecurity.com. ESET.
  5. ^ Zetter, Kim (17 January 2017). "The Ukrainian Power Grid Was Hacked Again". Motherboard.
  6. ^ "'Crash Override': The Malware That Took Down a Power Grid". WIRED. Retrieved 22 January 2018.
  7. ^ "Ongoing Sophisticated Malware Campaign Compromising ICS (Update E) | ICS-CERT". ics-cert.us-cert.gov. Retrieved 22 January 2018.
  8. ^ a b Dragos Inc. (12 June 2017). "CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations" (PDF). Dragos.
  9. ^ "Industroyer main backdoor detections". Virustotal. 27 June 2017.
  10. ^ "Industroyer data wiper component detections". Virustotal. 27 June 2017.
  11. ^ Greenberg, Andy. "Russia's Sandworm Hackers Attempted a Third Blackout in Ukraine". Wired. ISSN 1059-1028. Retrieved 13 April 2022.
  12. ^ Cherepanov, Anton (12 June 2017). "WIN32/INDUSTROYER A new threat for industrial control systems" (PDF). www.welivesecurity.com. ESET.

Further reading

Categories