Russian-aligned hackers have built a cyberweapon that can directly control electricity substation switches and circuit breakers — potentially bringing swathes of a country’s population offline and causing massive disruption.
The malware, dubbed “Industroyer,” targets critical power supplies by attacking industrial communications devices used on a power network.
The malware works in four modular parts, said researchers at security firm Eset in a Monday blog post. At its core is a backdoor through which the other components are installed; these are remotely controlled by a command server hosted on the Tor anonymity network, making it almost impossible to trace. Hackers can use the malware to trigger a series of “cascading failures,” forcing power supplies offline and damaging equipment.
That’s largely what happened in 2015, when hackers — said to be associated with Russia — attacked a critical power supply in Ukraine, during a time when relations between the two states were fractious after Russia annexed the Crimean peninsula in 2014.
Researchers are now saying that the Industroyer malware was “likely” behind that cyberattack in Ukraine, which left more than 225,000 customers in the dark two days before Christmas.
But the security researchers have warned that the attack may have been a “large-scale test,” and could be easily “refitted to target other types of critical infrastructure.”
“The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” said Anton Cherepanov, a senior malware researcher at Eset.
In areas of high population, researchers say there could be significant harm to vital services, like hospitals and transport.