ESET researchers analyzed samples of the malware, detected by ESET as Win32/Industroyer, capable of performing an attack on power supply infrastructure. The malware was most probably involved in the December 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour.

“The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” warns Anton Cherepanov, ESET Senior Malware Researcher.

ESET researchers discovered Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution through triggering a cascade of failures, to more serious damage to equipment.

Scheme of Industroyer operation

“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” concludes Anton Cherepanov.

Additional technical details on the malware, including Indicators of Compromise, can be found in an article and in a  comprehensive white paper at ESET’s blog, WeLiveSecurity.com.