Malware Capable of Shutting Down Electric Grids Confirmed

Malware was recently identified that appears to have been designed and deployed by a nation-state to target and shut down electric grids.

According to published reports, this malware currently appears to be capable of attacking the European grids, and parts of the Middle East and Asia grids, by targeting the specific industrial control system (ICS) network protocols used to operate those grids. [1] With small modifications, the malware reportedly also appears to be capable of attacking the North American power grid, as well as other industries that use ICS networks (e.g., oil, gas, water, data) around the globe.

The malware, called “CrashOverride” or “Win32/Industroyer,” appears to pose the most significant cyber-based threat to a physical industrial process since the Stuxnet malware was reportedly used in 2009 to physically damage Iranian uranium enrichment centrifuges. A report issued by a cybersecurity firm earlier this week analyzed the malware and found that it is very likely the same type of malware that shut down portions of Ukraine's electric grid in December 2016. The purpose of the malware seems to be limited to causing power outages. Notably, the malware is also reportedly capable of delaying restoration actions, including by erasing ICS network software, and of deleting traces of itself after the attack, preventing effective forensics.
