ESET researchers analyzed malware samples, detected by ESET as Win32/Industroyer, that are capable of attacking electricity supply infrastructure.
There is a high probability that this particular malware was involved in the attack against Ukraine's electricity grid in December 2016, which led to a one-hour blackout in the country's capital, Kyiv.
"The attack on the Ukrainian electricity grid will have to alert everyone who is responsible for the security of critical systems at the global level," warns Anton Cherepanov, Senior Malware Researcher at ESET.
ESET researchers discovered that Industroyer can directly control electrical substation switches and circuit breakers. It uses industrial communication protocols that are used worldwide in power infrastructure, transport control systems and other critical infrastructure. The possible effects range from a simple interruption of the power supply, which will lead to a series of failures, to serious damage to the equipment.
[Figure: Illustration of Industroyer's operation, from ESET]
"Industroyer's ability to remain in the system and to directly interfere with the operation of industrial infrastructure makes it the most dangerous malicious software threat to industrial control systems since the infamous Stuxnet, which had managed to attack Iran's nuclear program and was discovered in 2010," says Anton Cherepanov.
Detailed information about the malware, as well as Indicators of Compromise (IoCs), can be found in the relevant article and an extensive whitepaper on ESET's blog, WeLiveSecurity.com.