CrashOverRide – The virus that took down part of a power grid

Dragos and ESET have released details about an attack which took down part of a power grid in Kiev in 2016.

ESET calls the malware Industroyer, while Dragos has dubbed it CrashOverRide.

Dragos said it can also confirm that the group behind the attack goes by Electrum.

Electrum has ties to the Sandworm Team, which targeted infrastructure companies in the US in 2014, and Ukraine’s electric utilities in 2015.

“CrashOverRide represents alarming tradecraft and the ability to disrupt operations,” said Dragos.

It said the CrashOverRide malware is a modular framework that targets several points in the industrial control system protocols used by an electric grid.

The malware’s modules open circuit breakers on remote terminal units and force them into an infinite loop, keeping the circuit breakers open – even if grid operators attempt to shut them.

Grid operators can go back to manual operations to mitigate the attack, it said.


“There are concerning scenarios in how this malware can be leveraged to disrupt grid operations that would result in hours of outages at targeted locations,’ said Dragos.

Even though it is not catastrophic, CrashOverRide remains a concerning capability, it added.

Now read: Stupidly easy for hackers to attack Eskom

Latest news

Partner Content

Show comments


Share this article
CrashOverRide – The virus that took down part of a power grid