CrashOverride, the malware that sabotaged the electric grid

Researchers from security firms ESET and Dragos have published several reports about the malware that infected a Ukrainian electricity substation and that left thousands of homes in the Kiev region without power supply on 17 December 2016. The malware, called respectively Industroyer and CrashOverride, would be configurable and would be specially designed to exploit some vulnerabilities in four widely used industrial communication protocols in Europe, Asia and the Middle East. The main component of this malware would be a backdoor, which would connect to a remote server to inform the attackers and allow remote execution of commands, and install and control other components to carry out the attack.


Go top