Editing Industroyer – Crash Override (2016)


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 13: Line 13:
 
|-
 
|-
 
! scope="row"|Method
 
! scope="row"|Method
|Unlike the [[Power_grid_cyberattack_in_Ukraine_(2015)|2015 attack on Ukraine’s power grid]], in which the substation was manually switched off after access to the power grid’s networks had been gained, the Industroyer attack in 2016 was fully automated.<ref name="Ind7">Andy Greenberg, [https://www.wired.com/story/crash-override-malware/ ‘'Crash Override': The Malware That Took Down a Power Grid’] (12 June 2017).</ref> The functionality of this malware was described as a “logic bomb” that could detonate at a time of the attackers’ choice.<ref name="Ind7" /> Similarly to [[Stuxnet_(2010)|Stuxnet]], Industroyer could be programmed to run independently from its operators and function in a network that is not connected to the internet.<ref name="Ind7" />
+
|Unlike the [[Power_grid_cyberattack_in_Ukraine_(2015)|2015 attack on Ukraine’s power grid]], in which the substation was manually switched off after gaining access to the power grid’s networks, the Industroyer attack in 2016 was fully automated.<ref name="Ind7">Andy Greenberg, [https://www.wired.com/story/crash-override-malware/ ‘'Crash Override': The Malware That Took Down a Power Grid’] (12 June 2017).</ref> The functionality of this malware was described as a “logic bomb” that could detonate at a time of the attackers’ choice.<ref name="Ind7" /> Similarly to [[Stuxnet_(2010)|Stuxnet]], Industroyer could be programmed to run independently from its operators and function in a network that is not connected to the internet.<ref name="Ind7" />
   
 
The attackers initially infiltrated the substation by exploiting a vulnerability in Siemens SIPROTEC 4 and SIPROTEC Compact devices, allowing the malware to create a backdoor after gaining access into the industrial system.<ref name="Ind10">Charlie Osborne, [https://www.zdnet.com/article/industroyer-an-in-depth-look-at-the-culprit-behind-ukraines-power-grid-blackout/ ‘Industroyer: An in-depth look at the culprit behind Ukraine's power grid blackout’] (30 April 2018).</ref> In addition to making a copy of the main backdoor, the malware also made one of a backup backdoor, imitated as a “Trojanized” version of Windows Notepad, that would be activated if the first version was uncovered, thus enabling the malware to remain persistent.<ref name="Ind10" /> Then the malware aimed at the industrial hardware, namely the circuit breakers and protection relays of the substation.<ref name="Ind10" />
 
The attackers initially infiltrated the substation by exploiting a vulnerability in Siemens SIPROTEC 4 and SIPROTEC Compact devices, allowing the malware to create a backdoor after gaining access into the industrial system.<ref name="Ind10">Charlie Osborne, [https://www.zdnet.com/article/industroyer-an-in-depth-look-at-the-culprit-behind-ukraines-power-grid-blackout/ ‘Industroyer: An in-depth look at the culprit behind Ukraine's power grid blackout’] (30 April 2018).</ref> In addition to making a copy of the main backdoor, the malware also made one of a backup backdoor, imitated as a “Trojanized” version of Windows Notepad, that would be activated if the first version was uncovered, thus enabling the malware to remain persistent.<ref name="Ind10" /> Then the malware aimed at the industrial hardware, namely the circuit breakers and protection relays of the substation.<ref name="Ind10" />
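Review bot: in the Method cell, the restored wording "was manually switched off after gaining access to the power grid’s networks" leaves "gaining" with no subject, so the sentence reads as if the substation gained access. The revision being undone ("after access to the power grid’s networks had been gained") does not have that problem. Either keep it or name the actor, for example "after the attackers had gained access". The rest of the cell is unchanged by this undo.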
Line 23: Line 23:
 
|-
 
|-
 
! scope="row"|Result
 
! scope="row"|Result
|Blackout that left a part of the Ukrainian capital, Kiev, and its surrounding area without electricity for more than one hour.<ref name="Ind1" /> The power loss at the time of the cut was estimated as one-fifth of Kiev’s consumption.<ref>BBC News, [https://www.bbc.com/news/technology-38573074 ‘Ukraine power cut 'was cyber-attack'’] (11 January 2017); The National Radio Company of Ukraine, [http://www.nrcu.gov.ua/en/news.html?newsID=42626 ‘Ukraine power cut 'was cyber-attack'’] (11 January 2017).</ref>
+
|Blackout that left a part of the Ukrainian capital Kiev and its surrounding area without electricity for more than one hour.<ref name="Ind1" /> The power loss at the time of the cut was estimated as one-fifth of Kiev’s consumption.<ref>BBC News, [https://www.bbc.com/news/technology-38573074 ‘Ukraine power cut 'was cyber-attack'’] (11 January 2017); The National Radio Company of Ukraine, [http://www.nrcu.gov.ua/en/news.html?newsID=42626 ‘Ukraine power cut 'was cyber-attack'’] (11 January 2017).</ref>
 
|-
 
|-
 
! scope="row"|Aftermath
 
! scope="row"|Aftermath
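Review bot: in the Result cell, the undo removes the commas around "Kiev" ("the Ukrainian capital Kiev and its surrounding area"). The city name is a non-restrictive appositive, so the latest revision's "the Ukrainian capital, Kiev, and its surrounding area" is the better punctuation and should stay. Separately, the unnamed reference in this cell gives the BBC News item and the National Radio Company of Ukraine item the same title; it is worth confirming that the second title is correct before publishing either version.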