Monday, April 28, 2025
HomeMalwareDangerous Malware detected that is capable of Controlling Electric Power Systems

Dangerous Malware detected that is capable of Controlling Electric Power Systems

Published on

SIEM as a Service

Follow Us on Google News

In 2016 A power lockout in Ukraine’s capital Kiev last was caused by a cyber attack and this malware can do the same. Security specialists say it is highly feasible that Industroyer was utilized in the December 2016 attack on the Ukrainian power system.

This Dangerous malware, recognized by ESET security specialists and Dragons Inc named as Win32/Industroyer, this malware can do enormous damage to electric power systems and furthermore capable of targeting other Critical infrastructures.

Industroyer is proficient for controlling power substation switches and circuit breakers specifically. By having control over the switches they can dispatch scope of attacks beginning from turning of energy circulation to serious damages.

- Advertisement - Google News
Dangerous Malware Industroyer capable of Controlling Electric Power Systems
Credits: ESET

Industroyer not using any vulnerabilities or exploiting Zero days to do these malicious activities. It lies in the way that it utilizes protocols in the way they were intended to be used.

Also read Ukrainian Artillery Tracked Using Android Malware implant By Russian Hackers

The issue is that these protocols were designed decades back and their correspondence protocols were not designed security as a primary concern.

What’s special with Industroyer apart from other infrastructure Malware’s

It consists of a backdoor utilized by attackers to speak with command and control servers and to manage the attack.

Security experts say “Industroyer installs four payloads to get direct control of switches and circuit breakers. Each of these components targets particular communication protocols specified in the following standards: IEC 60870-5-101, IEC 60870-5-104, IEC 61850, and OLE for Process Control Data Access (OPC DA)”.

Dangerous Malware Industroyer capable of Controlling Electric Power Systems
                                                        Module overview  Credits: ESET

These payloads objective is to map the network and then to attack specific industrial control devices. This shows the in-depth knowledge of the payload developer.

You can refer to the Whitepaper published by ESET for Technical Analysis.

This malware suspects to have some advanced features and experts suspect what happened is a trial run before a major attack.

The most attractive feature of this backdoor is that attackers can define a particular hour of the day when the backdoor will be active.

All the C&C servers utilized by this backdoor are running Tor Software to guarantee their Anonymity.This makes network analysis more complex.

Shodan founder John Matherly‏ says More than 100,000 industrial control systems are connected to the Internet at the moment.

Also Read Your Heart Beat As a Password -Smart or Stupid?

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an...

Hannibal Stealer: Cracked Variant of Sharp and TX Malware Targets Browsers, Wallets, and FTP Clients

A new cyber threat, dubbed Hannibal Stealer, has surfaced as a rebranded and cracked...