ESET researchers discover Industroyer

ESET researchers discovered the most sophisticated and extremely dangerous malware, Win32/Industroyer that is designed to disrupt critical industrial processes and capable is of performing an attack on power supply infrastructure. The malware is believed to be involved in the December 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour.

“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” warns Anton Cherepanov, Senior Malware Researcher at ESET. “The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,”

The new malware uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. Industroyer is capable of directly controlling electricity substation switches and circuit breakers. The potential impact may range from simply turning off power distribution through triggering a cascade of failures, to more serious damage to equipment.