Skip to Content

A Hack Used to Plunge Ukraine Into Darkness Could Still Do Way More Damage

Eight years after Stuxnet, hackers are testing another piece of malware designed to take down critical infrastructure.

Late last year, a cyberattack on Ukraine’s power grid plunged 20 percent of the nation’s capital, Kiev, into darkness. Now security researchers have published details of the malware that they believe may have been used to make that happen.

While the cybersecurity firm ESET won't say that the piece of malware it calls Industroyer is definitely the software that was used to take down Ukraine’s power, it sure looks like the number one suspect: it’s designed to infiltrate a system and then control electricity substation switches and circuit breakers. 

It’s unclear how Industroyer finds its way on to infrastructure computers, but once there it scans the network to find hardware that it can take down. It also reports to its master rather cleverly, sending information to control servers that are hidden using the identify obfuscator known as Tor, and then only communicating outside of regular working hours.

Because the commands it leverages were developed decades ago, they were designed to work on computers that sat in isolation. They were never intended for use in a networked world where hackers could inject malware from a distance, so gaining access to the system makes an awful lot possible—and Wired describes in some detail how some of the potential attacks could work.

Perhaps the most worrying part of the research is the potential capability of the malware in the future. The commands it uses to switch off substations are actually used inside all kinds of infrastructure—not just electricity supply networks but traffic control systems, waterworks, and more—and ESET warns that the code could be repurposed to perform attacks on those kinds of systems, too.

That’s why, in an article describing the malware, ESET’s senior malware researcher, Anton Cherepanov, calls Industroyer the “biggest threat to industrial control systems since Stuxnet.” That piece of malware, you may recall, was famously used to sabotage an Iranian nuclear power plant back in 2009.

The bad news is that these kinds of problems look set to become more widespread. As aging energy systems are connected up to the Internet in a bid to modernize, they are becomingly newly vulnerable in much the same way as Kiev’s grid. The good news, though, as we recently reported, is that many companies are building new technologies to help overcome these problems. Hopefully, they’ll do that rather quickly.

(Read more: ESET, Wired, “Ukraine’s Power Grid Gets Hacked Again, a Worrying Sign for Infrastructure Attacks,” “A Way to Attack Nuclear Plants,” “Patching the Electric Grid”)

Keep Reading

Most Popular

Workers disinfect the street outside Shijiazhuang Railway Station
Workers disinfect the street outside Shijiazhuang Railway Station

Why China is still obsessed with disinfecting everything

Most public health bodies dealing with covid have long since moved on from the idea of surface transmission. China’s didn’t—and that helps it control the narrative about the disease’s origins and danger.

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.