ESET researchers analyzed malware samples – detected by ESET as Win32/Industroyer – capable of attacking infrastructure supply electricity.
There is a high probability that this particular malware is involved in the attack against Ukraine's electricity grid in December 2016, which led to vacation electricity in the country's capital, Kiev, for an hour.
"The attack on the Ukrainian electricity grid will have to alert everyone who is responsible for the security of critical systems at the global level, warns Anton Cherepanov, Senior Malware Researcher by ESET.
ESET researchers discovered that Industroyer can directly control electrical substation switches and circuit breakers. It uses industrial communication protocols used worldwide for power, transport control systems and other critical infrastructure. The possible effects can range from a simple interruption of the power supply, which will lead to a series of failures, to serious damage to the latest technology equipment.
Illustration of its operation Industroyer from ESET
"Industroyer's ability to remain in the system and be able to directly interfere with the operation of industrial infrastructure makes it the most dangerous malware threat to industrial control systems since the famous stuxnet", which had managed to attack Iran's nuclear program and was discovered in 2010", says Anton Cherepanov.
Detailed information about malware, as well as IOC (Indicators of Compromise) indicators, can be found in the relevant article and an extensive whitepaper on ESET's blog, WeLiveSecurity.com.