We’ve discovered power-grid-wrecking software

June 13 23:00 2017

Hackers, believed to be affiliated with the Russian Federation, have developed a highly customizable cyberweapon capable of taking down electric grids, according to researchers in a pair of countries and multiple reports.

“The potential impact of malware like this is huge,” said Robert Lipovsky, a researcher who helped draw up the report for Slovakian anti-virus firm ESET.

And Russian government hackers have already shown their interest in targeting US energy and other utility systems, researchers said.

Dragos, which called the malware Crash Override, said that the hackers have not used all of its functionalities and modules, and that the attack on Ukraine’s power grid in 2016 was more of a proof-of-concept attack than a full demonstration of the malware’s capabilities. “It’s a game changer.”

The revelation comes as the USA government is investigating a wide-ranging, ambitious effort by the Russian government a year ago to disrupt the US presidential election and influence its outcome.


Security researchers from ESET and Dragos have discovered a brand new malware strain that was specifically built to target equipment installed in power grids, and which has already been deployed in live attacks in Ukraine.

It remains unknown if the Ukrainian power grid attacks were intended as a full-scale digital assault or simply as a test-run, as some experts have suggested in the past. But it may be possible to inspect those commands before they reach legacy hardware by using ICS firewalls or stateful inspection, U.S. CERT says.

The same day the reports were released, the U.S.

Dragos said it can also confirm that the group behind the attack goes by Electrum. But malware that can take out electrical systems or other critical infrastructure is another story.

The modular software is based around a backdoor that the attackers use to manage the attack; it installs and controls the other components, connecting to a remote server to receive commands and to report back to the attackers.

ESET last week shared samples with Dragos, which said it was able to confirm the malware was used in the Ukraine grid attack.

CrashOverride uses two backdoors to manipulate settings on electric power control systems. The first was Stuxnet, a worm that sabotaged the Iranian nuclear programme and was thought to have been built by the USA and Israel. The malware, dubbed “Crash Override” or “Industroyer”, can almost automate attacks on power infrastructure and includes swappable components that allow it to adapt to different utilities.

“Thanks to its ability to persist in the system and provide valuable information for tuning-up the highly configurable payloads, attackers could adapt the malware to any environment, which makes it extremely unsafe”, Cherepanov concludes.

“We are going up a level in the video game here,” she said. “This speaks to a larger effort often associated with nation-state or highly funded team operations.” While this could be avoided with a software patch, it demonstrates that Override doesn’t just use one method of systems exploitation, but mounts a multi-pronged attack. One option causes targeted systems to report incorrect information after an outage has been caused, such as showing a circuit breaker is closed when it’s really open. It functions by opening circuit breakers on RTUs before forcing them into an infinite loop – keeping circuit breakers open even if grid operators try to shut them down. “And in the case of Industroyer, there was no indication in the malware that could point to an attacker – Russian or other,” he added. That could create outages in different areas at the same time.
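The article mentions two behaviours a defender can look for on the wire: a flood of repeated "open" commands that keeps breakers open no matter what operators send, and devices reporting a breaker as closed when the last accepted command opened it. US-CERT's advice, quoted earlier, is to inspect commands before they reach legacy hardware. The following is an added illustration, not code from the article, ESET, Dragos or the malware itself: a small stateful monitor run over a constructed, protocol-agnostic command log. The event fields, the allow-list of command sources, the rate threshold and the sample log are all assumptions made for the example.

```python
"""Stateful inspection of breaker commands and status reports (added example).

Everything here is constructed for illustration: the Event schema, the host
names, the threshold of 5 open commands per 10 seconds and the sample log are
assumptions, not details taken from the article or from any real protocol.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float     # seconds since start of capture (constructed)
    src: str      # host that issued the command or status report
    rtu: str      # target RTU
    point: str    # breaker identifier on that RTU
    kind: str     # "cmd" (operator/attacker command) or "status" (device report)
    value: str    # cmd: "open"/"close"; status: "open"/"closed"


class BreakerMonitor:
    """Tracks per-breaker command history and flags three suspicious patterns."""

    def __init__(self, allowed_sources, window_s=10.0, max_open_cmds=5):
        self.allowed = set(allowed_sources)   # hosts permitted to send commands
        self.window_s = window_s              # sliding window for rate check
        self.max_open_cmds = max_open_cmds    # open commands tolerated per window
        self.recent_opens = defaultdict(deque)  # (rtu, point) -> timestamps
        self.last_cmd = {}                    # (rtu, point) -> last accepted command
        self.alerts = []                      # (alert_kind, Event)

    def process(self, ev):
        """Return True if the event should be forwarded, False if blocked."""
        key = (ev.rtu, ev.point)
        if ev.kind == "cmd":
            # 1. Commands from a host outside the allow-list are blocked.
            if ev.src not in self.allowed:
                self.alerts.append(("unexpected_source", ev))
                return False
            # 2. A burst of "open" commands to one breaker looks like the
            #    looping behaviour described in the article.
            if ev.value == "open":
                q = self.recent_opens[key]
                q.append(ev.ts)
                while q and ev.ts - q[0] > self.window_s:
                    q.popleft()
                if len(q) > self.max_open_cmds:
                    self.alerts.append(("open_command_loop", ev))
                    return False
            self.last_cmd[key] = ev.value
            return True
        if ev.kind == "status":
            # 3. A status report that contradicts the last accepted command
            #    (e.g. "closed" right after an accepted "open") is flagged
            #    but still forwarded, so operators see it.
            expected = {"open": "open", "close": "closed"}.get(self.last_cmd.get(key))
            if expected is not None and ev.value != expected:
                self.alerts.append(("status_mismatch", ev))
            return True
        return True


# Constructed sample log: one rogue host, then a burst of opens from a
# legitimate HMI, then a misleading status report.
SAMPLE_LOG = [
    Event(0.0, "hmi-01", "rtu-7", "cb-3", "cmd", "close"),
    Event(1.0, "rtu-7", "rtu-7", "cb-3", "status", "closed"),
    Event(2.0, "eng-ws-99", "rtu-7", "cb-3", "cmd", "open"),   # not on allow-list
    Event(3.0, "hmi-01", "rtu-7", "cb-3", "cmd", "open"),
    Event(3.5, "hmi-01", "rtu-7", "cb-3", "cmd", "open"),
    Event(4.0, "hmi-01", "rtu-7", "cb-3", "cmd", "open"),
    Event(4.5, "hmi-01", "rtu-7", "cb-3", "cmd", "open"),
    Event(5.0, "hmi-01", "rtu-7", "cb-3", "cmd", "open"),
    Event(5.5, "hmi-01", "rtu-7", "cb-3", "cmd", "open"),      # 6th open in 10 s
    Event(6.0, "rtu-7", "rtu-7", "cb-3", "status", "closed"),  # contradicts "open"
]


def run(log, allowed=("hmi-01",)):
    """Feed a log through the monitor and return the alerts it raised."""
    monitor = BreakerMonitor(allowed)
    for ev in log:
        monitor.process(ev)
    return monitor.alerts


if __name__ == "__main__":
    for kind, ev in run(SAMPLE_LOG):
        print(f"{ev.ts:5.1f}s {kind:20s} src={ev.src} {ev.rtu}/{ev.point} {ev.kind}={ev.value}")
```

The monitor only sees what an inline inspection point sees, so it cannot tell whether a breaker is physically open; it can only report that the device's story no longer matches the accepted command history, which is exactly the discrepancy an operator would want surfaced.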

“There are concerning scenarios in how this malware can be leveraged to disrupt grid operations that would result in hours of outages at targeted locations,” said Dragos.

Sandworm Team has been named as a potential culprit in the cyberattacks. (Reuters)
