A malware which has the ability to take down a city’s electrical and power grid has been detected.

Named ‘Industroyer’, the malware was identified after an attack on Kiev in 2016. An analysis by ESET of the malware has found that it is capable of controlling electricity substation switches and circuit breakers directly. This is done using industrial communication protocols used around the world in power supply infrastructure, transportation control systems and other critical infrastructure systems (such as water and gas).

In particular, Industroyer uses protocols in a common fashion, and its core component is a backdoor that attackers use to install and control the components. The malware connects to a remote server to receive commands and to report to the attackers.

It also uses Tor software to communicate privately with command and control servers, while an additional backdoor is designed to regain access to the targeted network in case the main backdoor is detected and/or disabled.

power-station
Industroyer malware detected, linked to Kiev attack

Anton Cherepanov, senior malware researcher at ESET, said: “While being universal, some of the components in analyzed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTECT devices used in electrical substations and other related fields of application”.

ESET acknowledged that while the investigation into the Ukrainian power outage is still ongoing, it was not able to confirm that the Industroyer malware was the direct cause.

Source: Info Security

Read entire post grey  Related Training grey

1 Comment »

Leave your comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s