The forced shutdown of one-fifth of the Ukrainian capital’s power grid last December was caused by a new Russian cyber-weapon called CrashOverride, according to a new report by an American cybersecurity firm.
The malware, with modifications, could be used to target the United States' power grid as well, Dragos' threat intelligence director Sergio Caltagirone said in the document. His comments reflect months of research completed after a Slovak anti-virus firm shared its analysis of CrashOverride with its American counterpart.
A regime sanctioned by Ukraine's European allies has managed to increase energy production 2.1 percent year-over-year from January to April of this year via nuclear energy, Interfax said earlier in June. Previous bouts of cyber-aggression against Ukraine's power system have only strengthened Kiev's resolve to pursue nuclear and renewable energy, a move that would insulate it from Moscow's geopolitical dance with former Soviet republics.
The new energy independence, supported in the short term by the importation of coal from third parties, angers Russia, which controversially annexed the Crimean Peninsula back in 2014. Hackers backed by Moscow have been developing cyber weapons to debilitate Ukraine's power system as it trends away from Russian reliance.
Earlier malware built to disrupt industrial control systems has been deployed against a range of targets, lending credence to the report's conclusion that a modified version of CrashOverride could, with some additional engineering, affect the U.S. grid. Stuxnet, for example, widely assumed to be an American-Israeli cyberweapon, disrupted Iran's nuclear program before the nation signed a deal with Western allies.
“The most important thing to understand though from the evolution of tradecraft is the codification and scalability in the malware towards what has been learned through past attacks,” the report said.
Analysts believe that the perpetrator of the first attack on Ukraine's power, back in December 2015, was the Sandworm team, a group of hackers who have targeted Europe and the United States in the past. BlackEnergy 3, an updated version of the group's signature malware, was used to gain access to the utilities' networks in that attack; the breakers themselves were opened through hijacked operator workstations rather than by the malware directly.
Fast forward one year to last December, and that same country faced CrashOverride, which could be the hackers' “silver bullet” weapon, the researchers said. Dragos attributes it to a group it calls Electrum, which it assesses has direct ties to Sandworm. The malware builds on the industrial-process targeting pioneered by Stuxnet and the reconnaissance-oriented approach of Havex, the malware used by the Dragonfly espionage group. Like BlackEnergy 2, it is a modular framework; its payload modules speak the grid's own control protocols (IEC 60870-5-101, IEC 60870-5-104, IEC 61850 and OPC DA) directly, which allows it to turn a substation's systems against themselves in a multi-stage attack.
“Adversaries are getting smarter, they are growing in their ability to learn industrial processes and codify and scale that knowledge, and defenders must also adapt,” the report said.
Over the past few years, the U.S. has made moves to strengthen the national grid’s fortifications, but concerns remain.
“Reliability is reinforced with regular training and events such as the North American grid's GridEx, where grid operators train for events from hurricanes, to terrorist incidents, to cyber-attacks and how they will respond to such outages,” the report read.
Still, authorities and citizens must remain vigilant. In the internet age, assaults against electric grids are unlikely to diminish any time soon.
By Zainab Calcuttawala For Oilprice.com