Cyber attack news reports that, according to U.S. researchers, hackers allied to the Russian government have developed a cyberweapon dubbed CrashOverride. It has the potential to disrupt electric systems that many people in the United States depend on entirely for their daily life. This same malware was responsible for the recent cyber attacks, disrupting and briefly shutting down one-fifth of the electric power generated in Kiev, Ukraine, in December.
Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware, said that with probably a few modifications to this malware, these hackers could potentially target U.S. energy transmission and distribution systems and cause a disastrous effect on them.
“It’s the culmination of over a decade of theory and attack scenarios,” Caltagirone warned. “It’s a game changer.” Russian hackers have already shown interest in targeting U.S. energy and other utility systems.
This all comes at a point when the U.S. is investigating the extent of the Russian government's involvement in the outcome of the U.S. elections last year. Dragos has named the group that created the new malware Electrum, and has determined with high confidence that it used the same computer systems as the hackers who attacked the Ukraine electric grid in 2015. That major cyber attack, which left 225,000 customers without power, was carried out by Russian government hackers, other U.S. researchers concluded. U.S. government officials have not officially attributed that attack to the Russian government, but some privately say they concur with the private sector analysis.
Russia has developed a cyber weapon that has the potential to disrupt electric systems that many people in the United States depend on.
— The Telegraff News (@omilosimon) July 17, 2017
Cyber attack news states that the malware framework has already been used to attack the electric grid of Ukraine. According to Dragos, the malware was used to target transmission stations located in Kiev in 2016, an attack that is believed to have been more a proof of concept than a full display of CrashOverride’s capabilities. Attackers can use the malware to target multiple locations at the same time with a “time bomb” functionality that could lead to outages in different areas at the same time, putting additional stress on the system. Variants of the malware could also be developed to target other systems, including water and gas, though the group behind the malicious software has not yet pursued those types of attacks.
Given what is already known about the Russian intent to meddle in the U.S., including recent reports that Russian military hackers have been behind targeted attacks on election software and hardware makers in the country, Dragos has raised concerns that the malware may at some point be directed at U.S. systems.
However, the security firms assured cyber attack news that such an attack would not be as catastrophic were it to hit inside the U.S. border. Dragos estimates such an attack would likely last hours and not persist more than a few days.
The malware samples were first obtained by ESET, a Slovakian research firm, which shared some of them with Dragos. ESET has dubbed the malware Industroyer.