We reported a few months ago that Russian hackers were able to shut down a Ukrainian power grid, leaving over 200,000 people without electricity. That malware, named CrashOverride, can be modified to attack the US power grid.
Malware designed specifically to disrupt power is rare. CrashOverride is actually only the second such malware, the first being Stuxnet, which was a joint creation between the US and Israel to interfere with Iran’s nuclear project.
CrashOverride is troubling because it allows the hackers behind it to use a number of hacking tools that are built into it. As in the Ukrainian incident, hackers could take direct control of systems once the malware was in place. It can also be configured to go against a number of different utility control types.
It’s long been known that Russian hackers have been interested in disrupting American energy systems and other critical infrastructure. The attack on Ukraine could almost be considered a test. Though that attack has not been attributed to Russian by the US government, private cybersecurity firms feel pretty certain that it was.
Two names have been associated with the Ukraine attack: Electrum and Sandworm. It’s either a case of one group with two names or two groups that work closely together. Either way, they also targeted American industries in 2014. With a known threat looming, US utilities are on their toes trying to stay ahead of the game and up-to-date with their cybersecurity.