ESET researchers analyzed samples of the malware, detected by ESET as Win32/Industroyer, capable of performing an attack on power supply infrastructure. The malware was most probably involved in the December 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour.
“The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” warns Anton Cherepanov, ESET Senior Malware Researcher.
ESET researchers discovered Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution through triggering a cascade of failures, to more serious damage to equipment. Scheme of Industroyer operation“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” concludes Anton Cherepanov. Additional technical details on the malware, including Indicators of Compromise, can be found in an article and in a comprehensive white paper at ESET’s blog, WeLiveSecurity.com.
About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 200 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia). ESET Middle East has its regional office in Dubai Internet City and manages an extensive partner network in 11 countries: United Arab Emirates, Saudi Arabia, Kuwait, Qatar, Oman, Bahrain, Yemen, Lebanon, Jordan Egypt and Libya. More information is available via www.eset.com/me