Researchers: Hackers develop highly customizable cyberweapon aimed at electric grids

ajc.com

Credit: Justin Sullivan

Hackers, believed to be affiliated with Russia, have developed a highly customizable cyberweapon capable of taking down electric grids, according to researchers in a pair of countries and multiple reports.

Researchers say the malware, dubbed CrashOverride or Industroyer, is the first ever designed specifically to attack electric grids. It has no capabilities geared toward espionage, U.S.-based security firm Dragos Inc. said in a report issued Monday.

CrashOverride in its current form can be easily repurposed for use in Europe and parts of the Middle East and Asia, according to Dragos. It has already been used once, in December, to briefly shut down one-fifth of the electric grid in Kiev, Ukraine, according to The Washington Post. It's not clear who was behind that attack, although Ukrainian officials blamed Russia, Reuters reported. Officials in Moscow have denied any involvement.

“With a small amount of tailoring … (CrashOverride) would also be effective in the North American grid,” according to Dragos.

Both Dragos and Slovakian anti-virus firm ESET have issued alerts to governments and infrastructure operators in an effort to prepare them for the possible threat CrashOverride poses, according to Reuters.

"The malware is really easy to re-purpose and use against other targets. That is definitely alarming," ESET malware researcher Robert Lipovsky told Reuters. "This could cause wide-scale damage to infrastructure systems that are vital."

Dragos founder Robert M. Lee told the wire service that while CrashOverride can cause portions of a nation’s electric grid to go down for several days, it is not currently powerful enough to bring down the entirety of a country’s grid.

Still, Sergio Caltagirone, director of threat intelligence for Dragos, described the cyberweapon as “a game changer” in an interview with The Post.

“It’s the culmination of over a decade of theory and attack scenarios,” Caltagirone said.

CrashOverride is just the second malware discovered that was created with the intent to disrupt physical systems, Wired reported. The first known malware created with such a purpose was the 2010 Stuxnet virus, used by the U.S. and Israel to attack Iran's nuclear program.

“The potential impact here is huge,” Lipovsky told Wired. “If this is not a wakeup call, I don’t know what could be.”