The malware that was used to shut down part of Ukraine’s power grid in December is more sophisticated and dangerous than cybersecurity experts previously thought.
Experts who examined the cyber weapon describe it as a malicious toolkit that can easily be turned against the U.S. power grid with a “little tweaking,” Vice reported. Disturbingly, the attackers used only part of the Industroyer/CrashOverride malware in their attack.
“There’s a ton of functionality in this that was never used in Ukraine,” Robert M. Lee of infrastructure security company Dragos said of the weapon. “This suggests it was being prepared for use at multiple sites.”
Lee believes that Industroyer/CrashOverride can cause blackouts in the United States with only slight changes. He made that conclusion after examining the malicious code used to construct the weapon.
Experts like Lee are concerned because the only purpose of Industroyer/CrashOverride is to sabotage or destroy power systems and industrial equipment. The malware was deliberately designed to shut down or damage the electrical grid.
“There is no function in this malware that you could use for espionage,” Lee told Motherboard. “So there is zero reason to position this anywhere where you weren’t going to attack.”
Cybersecurity experts collected samples of the Industroyer/CrashOverride code after a blackout shut off electricity to tens of thousands of people in the Ukrainian capital of Kiev in December. The analysts believe the malware was being tested on Ukraine’s grid in order to knock out electrical service around the world.
“The way this framework is built, it would be very easy to … replay this against portions of the U.S. grid,” Lee said.