
Cyberthreat experts link power grid malware to Russia-connected hackers

Source: Dragos

The hacker group Electrum was involved in the December 17, 2016, cyberattack on a transmission substation in Kiev that interfered with electric grid operations, says a new report by the Dragos information security firm. According to Dragos, Electrum has direct ties to another hacker group called Sandworm Team, which other security analysts have repeatedly accused of working for Russia’s intelligence services.

The report states that hackers developed “the first ever malware framework designed and deployed to attack electric grids.” Dragos named the malware “CRASHOVERRIDE,” finding that its functionality “serves no espionage purpose and the only real feature of the malware is for attacks that would lead to electric outages.” Researchers working with the Slovak anti-virus firm ESET also found that the malware could be “immediately repurposed in Europe and portions of the Middle East and Asia” to disable power grids there.

According to Dragos, CRASHOVERRIDE “could be leveraged at multiple sites simultaneously, but the scenario is not cataclysmic and would result in hours, potentially a few days, of outages, not weeks or more.”

You can read Dragos’ full report here in English.

On December 17, 2016, Kiev suffered interruptions to its power supply, due to failures at one of the city’s electrical substations. As a result, different parts of Kiev were left without electricity for roughly 90 minutes. The power company Ukrenergo linked the outages to a hacker attack.

Within a month, cyberthreat experts theorized that the power outages were caused by hacker attacks similar to the December 2015 cyberattack on three power companies in Ukraine — a “revolutionary event for electric grid operations,” in the words of Dragos’ researchers. Ukraine’s National Security Service says the incident was a Russian cyberattack.

Experts believe that the hackers in December 2016 didn’t intend to inflict serious damage on Ukraine’s power grid and were in fact merely testing their malware.
