A new piece of malware has been detected that can control electrical circuit breakers at power distribution plants.
Identified by the IT security company ESET, the malware is codenamed “Win32/Industroyer” and is considered “particularly dangerous” because it can control the circuit breakers and switches of companies that distribute energy, and because it can also be used to attack other critical infrastructure such as water and gas companies.
The malicious software takes advantage of the communication protocols used by all industrial systems to communicate with each other. During the attack, Industroyer is able to invisibly penetrate corporate networks and turn off power distribution, which could lead to more serious damage to electrical equipment.
Attackers use an existing backdoor, which allows them to manage the attack. Its method of operation is to install and control all components on the infected systems, connecting to a remote server through which it receives information from and sends information to the attackers.
The malware can remain invisible within infected systems and has a feature that allows it to erase any traces of infection after completing the job.
“Persistence and direct interference with industrial systems make Industroyer one of the most dangerous malware since Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” said Anton Cherepanov, a Senior Researcher Malware Specialist at ESET.
The security company believes that the attack on the Ukrainian power grid in December of last year, which left Kiev without power for an hour, may have been caused by the use of Industroyer.