A new strain of malware is responsible for a computer malfunction that triggered a power outage in Ukraine last year, according to security firms, who believe that it could be used to disrupt power grids in the US and elsewhere.
The malicious software, codenamed Crash Override, is the second malware program that can disable industrial systems like power plants, according to a report from the software security firm Dragos. The first, called Stuxnet, was reportedly developed by the US government and successfully used to disable parts of the Ukranian power grid in 2015.
It's unclear who is behind the Crash Override attack, which took place last December. Ukrainian officials have accused Russia of orchestrating it, which Moscow has denied, Reuters reported. Dragos identified a hacker cell known as Electrum as the malware's authors, and it suspects that the group is related to the Sandstorm hackers responsible for the 2015 attack.
Crash Override works by hijacking a power plant's computers in order to create a software loop that forces its circuit breakers to stay open, thereby taking the plant offline, according to the Dragos report. The only way to stop it is for a repair crew to manually assume control of the breakers to close them. Crash Override's methods could likely work for any power station with computer-controlled breakers, and could even be expanded to affect other industrial plants.
"It's a nightmare," Dragos CEO Robert Lee told the Daily Beast. "The malware in its current state would be usable for every power plant in Europe. This is a framework designed to target other places."
The North American Electric Reliability Corp., the industry group responsible for power grid security in the US, said that is aware of the malware and working with its member companies to come up with a defense, according to the Daily Beast.