Cyber firms warn ‘Industroyer’ malware could knock out power grids

The December 2016 power grid hack in Ukraine that plunged part of that nation’s capital, Kiev, into darkness for several hours was an alarming display of the capabilities of skillful hackers determined to bring chaos to communities by knocking out critical infrastructure.

On Monday, two cyber security companies — Slovakia-based anti-virus software outfit Eset, and American firm Dragos that deals with critical-infrastructure security — claimed to have identified the malware that caused the disturbing power outage.

They warned that the malware, known by the names Industroyer and Crashoverride, could be repurposed with little effort by other groups intent on causing further havoc around the world, targeting not only power supply operations but also water and gas systems and transportation networks.

Industroyer is believed to be considerably more advanced than the malware used in another attack on Ukraine’s power grid a year earlier, in December 2015.

Eset said it’s been studying the malware for a number of months and recently shared its data with Dragos, leading it to conclude that it’s the same as that used in the Ukraine incident in 2016.

Robert Lee of Dragos suggested this week that the Kiev transmission substation targeted in last year’s incident “may have been more of a proof of concept attack than a full demonstration of the capability in Crashoverride,” though at this stage he said he couldn’t be certain.

Either way, Eset senior malware researcher Anton Cherepanov said the Kiev attack “should serve as a wake-up call for all those responsible for the security of critical systems around the world.”

The researcher described Industroyer as particularly concerning because “it’s capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).”

The work of Eset and Dragos highlights the need for governments around the world to bolster their defenses against highly damaging cyberattacks capable of causing widespread disruption to critical infrastructure. Rather than for monetary gain, such acts of cyberwarfare are often thought to be backed by nation-states as they have the potential to cause chaos within society and reduce a population’s confidence in its own government. It’s not certain who’s behind the Ukraine cyberattacks, though the fact that they came during a period of conflict with neighboring Russia has prompted some to suspect they could be the work of hackers based there.

News of the security firms’ discovery led the U.S. Department of Homeland Security to contact all critical infrastructure operators to ensure they are following recommended security procedures, Reuters reported on Monday.

Cherepanov added that hackers “could adapt the malware to any environment, which makes it extremely dangerous.”

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…