INDUSTROYER.V2: Old Malware Learns New Tricks

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
On April 12, 2022, CERT-UA and ESET reported that a cyber physical attack impacted operational technology (OT) supporting power grid operations in Ukraine. The attack leveraged different pieces of malware including a variant of INDUSTROYER, a well-known piece of attack-oriented ICS malware originally deployed in December 2016 to cause power outages in Ukraine.

The attack is significant not only because OT-targeted attacks are rare, but also because this is the first instance in which code from broadly known attack-oriented OT malware was redeployed against a new victim. Despite five years of substantial analysis into INDUSTROYER from a variety of researchers, the actor still attempted to repurpose the tool and customized it to reach new targets. INDUSTROYER.V2 (Mandiant’s name for the new variant) reinforces the notion that OT malware can be tailored for use against multiple victims, which has serious implications for other publicly known OT malware families
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top