Crash Override: Malware that took down a power grid may have been a test run

Two security firms have released reports about the malware used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been a test run and that the malware could be leveraged against other countries, including the US.

The malware, dubbed Crash Override in the Dragos report (pdf) and Industroyer in the ESET report (pdf), has nothing to do with espionage and everything to do with cyber-sabotage.

Crash Override, Dragos says, “is the first ever malware framework designed and deployed to attack electric grids.” It could be “leveraged at multiple sites simultaneously.” Dragos founder Robert M. Lee told Reuters, “The malware is capable of causing outages of up to a few days in portions of a nation’s grid, but is not potent enough to bring down a country’s entire grid.”

Network World Security