What is Industroyer and How Does It Attack Power Grids
Win32/Industroyer is an innovative type of malware that was created to interrupt and distort the working procedures of Industrial Control Systems. More specifically, it was designed to disrupt the Industrial Control Systems used in electrical substations. Those behind Win32/Industroyer have a lot of expertise in Industrial Control Systems and a deep understanding of the industrial protocols used in electric power systems. Industroyer is an advanced malware with many components: a backdoor, a data wiper, at least 4 payloads and many other tools. These cyber attackers are experienced analysts, and they know all the protocols the payloads involve: IEC 60870-5-101 (aka IEC 101), IEC 60870-5-104 (aka IEC 104), IEC 61850, and OLE for Process Control Data Access (OPC DA). These payloads are the central elements used in the attacks, and they allow the attackers to control electrical circuit breakers.
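
Because the payloads described above work through the grid protocols themselves, one defensive check is to parse IEC 104 traffic and alert on breaker switching commands from hosts that are not known control stations. The following is an added example, not code from the original article or from the malware; the sample frames, IP addresses and function names are constructed for illustration.

```python
import struct

# IEC 60870-5-104 type IDs for switching commands (control direction)
COMMAND_TYPES = {45: "C_SC_NA_1", 46: "C_DC_NA_1", 58: "C_SC_TA_1", 59: "C_DC_TA_1"}
COT_ACTIVATION = 6  # cause of transmission: activation

# Constructed sample byte stream: a U-format TESTFR act, a spontaneous
# single-point report (type 1), and a double command (type 46) to IOA 1001.
SAMPLE = bytes.fromhex(
    "680443000000"
    "680e02000000" "01010300" "0100" "0a0000" "01"
    "680e00000000" "2e010600" "0100" "e90300" "01"
)

def parse_iec104(stream: bytes):
    """Yield a dict for every I-format APDU (the ones carrying an ASDU)."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 6 or stream[pos] != 0x68:
            raise ValueError(f"not an IEC 104 APDU at offset {pos}")
        length = stream[pos + 1]              # octets after the length field
        apdu = stream[pos + 2 : pos + 2 + length]
        if length < 4 or len(apdu) != length:
            raise ValueError(f"truncated APDU at offset {pos}")
        pos += 2 + length
        asdu = apdu[4:]                       # skip the 4 control-field octets
        if apdu[0] & 0x01 or len(asdu) < 10:  # S/U-format frame or no object
            continue
        type_id, _vsq, cot, _orig, common_addr = struct.unpack_from("<BBBBH", asdu)
        yield {"type_id": type_id, "cot": cot & 0x3F, "common_addr": common_addr,
               "ioa": int.from_bytes(asdu[6:9], "little"), "qualifier": asdu[9]}

def breaker_command_alerts(stream: bytes, src_ip: str, allowed_masters: set):
    """Return alerts for switching commands sent by a non-allow-listed host."""
    alerts = []
    for asdu in parse_iec104(stream):
        if asdu["type_id"] not in COMMAND_TYPES or asdu["cot"] != COT_ACTIVATION:
            continue
        if src_ip in allowed_masters:
            continue
        alerts.append({"src": src_ip, "command": COMMAND_TYPES[asdu["type_id"]],
                       "common_addr": asdu["common_addr"], "ioa": asdu["ioa"],
                       # S/E bit (0x80): 1 = select only, 0 = execute
                       "execute": not asdu["qualifier"] & 0x80})
    return alerts

if __name__ == "__main__":
    for alert in breaker_command_alerts(SAMPLE, "10.0.5.77", {"10.0.1.10"}):
        print(alert)
```
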
The Industroyer backdoor gives these cyber attackers the ability to issue several commands on targeted systems. The C&C server is concealed in the Tor network. It can be set up to be active at a specific time, which makes it hard to detect. The backdoor sets up the launcher element, which starts the wiper and the payloads. It also puts down a second backdoor that camouflages itself as a trojanized form of the Windows Notepad application. The wiper element is used in the last stage of the attack to conceal tracks and make it hard to restore the targeted system.
Cyber crimes are usually meant to earn money, which can be done through ransomware, banking trojans, spam, unwanted ads and identity theft. This kind of malware is not meant for earning money. Its main objective is to damage the targeted facilities.