Computer experts said to be allied with Russia have created a weapon with the ability to cause major damage to the world’s electrical systems.
Researchers have identified the cyber-weapon as a harmful software program or virus. They say it is designed to interfere with a computer’s normal operations.
The researchers are calling this malware program “CrashOverride” or “Industroyer”. It is known to have affected the electrical system in Ukraine in December 2016. The attack briefly cut off one-fifth of all electric power in Kyiv, the capital.
Interest in attacking U.S. power stations
The cybersecurity business Dragos identified the malware in a report released on June 12. It said Russian government hackers appeared interested in targeting power centers in countries other than Ukraine.
Currently, the malware is able to attack power systems across Europe and Asia. But Dragos said it could be used against the United States. With only “some small modifications,” it could cause power outages of up to a few days in parts of the U.S. electric grid. That information comes from Dragos’ threat intelligence director, Sergio Caltagirone.
The company believes that with other changes, the malware could also attack local transportation providers, water systems, and natural gas suppliers. Researchers say hackers linked to Russia have shown an interest in targeting such infrastructure.
News of the malware’s discovery led the U.S. Department of Homeland Security to make an announcement on June 12. It advised all critical infrastructure operators to make sure they were following suggested rules for security.
Similar malware used in Ukraine in 2015
Dragos identified the group responsible for creating the new malware as “Electrum.” The company said it strongly believes that Electrum used the same computer systems as the hackers who attacked Ukraine's electrical grid in December 2015.
The 2015 attack left 225,000 people without power. U.S. researchers found that Russian government hackers were responsible. That attack was linked to a group called Sandworm, which is said to have ties to the Russian government.
Dragos said that Sandworm and Electrum are either the same group, or two separate groups working within the same organization. Researchers are not sure if they are individuals working for the Russian government or actual government employees.
Like a Swiss Army knife
In the 2016 attack, the malware helped the hackers to get control of Ukraine’s power supply.
Danu Gunter of Dragos told the Washington Post newspaper that what was shocking about the CrashOverride malware is that it is part of a “larger framework.” He said that it works like a Swiss Army knife, where you can open the different tools you need to perform different operations. In theory, the CrashOverride malware can be changed to attack different kinds of control systems.
ESET, a Slovakian research group, collected malware samples from the 2016 attack. The group later shared them with Dragos. ESET has named the malware “Industroyer,” while Dragos is calling it “CrashOverride.”
The malware was specifically designed to harm or destroy industrial-control systems. It represents the most powerful threat since Stuxnet, a worm created by the United States and Israel to slow Iran’s nuclear activities.
I’m Phil Dierking.
This story was based on a report from Radio Free Europe/Radio Liberty. Phil Dierking adapted it for VOA Learning English. His story has information from other sources. George Grow was the editor.
How large a threat do you think cyberterrorism is? We want to hear from you. Write to us in the Comments Section or on our Facebook page.
Words in This Story
framework - n. the basic structure of something
grid - n. a network of electrical wires and equipment that supplies electricity to a large area
hacker - n. a person who secretly gets access to a computer system in order to get information, cause damage, etc.
infrastructure - n. the basic equipment and structures (such as roads and bridges) that are needed for a country, region, or organization to function properly
malware - n. software that is intended to damage or disable computers and computer systems
modification - n. the act or process of changing parts of something