Crashoverride took out electricity in Ukraine’s capital last year and could be repurposed to target U.S. systems
Computer security researchers said Sunday they have discovered the malicious software that knocked out electricity in Ukraine’s capital last year, and warned U.S. companies that the code could be repurposed to disrupt their systems.
The discovery sheds light on an incident that security experts have been watching closely, hoping to understand the risk to the U.S. electrical grid. It follows a 2014 cyber-campaign against the U.S. in which networks at 17 energy companies, including four electric utilities, were compromised.
The malicious software, called Crashoverride, has been analyzed over the past week by Dragos Inc., a Washington, D.C., firm specializing in securing the industrial-control systems in manufacturing plants or power facilities. Robert M. Lee, Dragos’s chief executive, said the software was discovered earlier this year by ESET, a Slovakia-based antivirus vendor. ESET didn’t immediately reply to requests for comment Sunday.