CrashOverride, the malware that sabotaged the electric grid
Researchers from security firms ESET and Dragos have published several reports about the malware that infected a Ukrainian electricity substation and left thousands of homes in the Kiev region without power on 17 December 2016. According to the reports, the malware, named Industroyer by ESET and CrashOverride by Dragos, is configurable and is specifically designed to exploit some vulnerabilities in four industrial communication protocols widely used in Europe, Asia and the Middle East. Its main component is reported to be a backdoor that connects to a remote server to report to the attackers and allow remote execution of commands, and that installs and controls the other components used to carry out the attack.
References:
- 21/12/2016 theregister.co.uk Energy firm points to hackers after Kiev power outage
- 04/01/2017 certsi.es ¿Nuevo ciberataque a la red eléctrica de Ucrania?
- 12/06/2017 welivesecurity.com Industroyer: Biggest threat to industrial control systems since Stuxnet
- 12/06/2017 wired.com 'Crash Override': The Malware That Took Down a Power Grid
- 12/06/2017 usatoday.com Malware discovered that could threaten electrical grid
- 13/06/2017 dragos.com CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations
- 13/06/2017 elmundo.es Rusia ha desarrollado un virus informático capaz de paralizar centrales eléctricas
- 13/06/2017 lanacion.com.ar Un ataque informático sería el responsable de un apagón eléctrico en Ucrania