A piece of malware named CrashOverride is known to have disrupted only one energy system: the grid in Ukraine in December. In that incident, the hackers briefly shut down one-fifth of the electricity generated in Kiev.
But with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and is issuing a report on it Monday.
And Russian government hackers have already shown their interest in targeting U.S. energy plants and other utility systems, researchers said.
“It’s the culmination of over decades of theories and attack scenarios,” Caltagirone warned. “It’s a game changer.”
The revelation comes as the U.S. government is investigating a wide-ranging, ambitious effort by the Russian government last year to disrupt the U.S. presidential election and influence its outcome. That campaign employed different methods, including hacking hundreds of political and other organizations and leveraging social media outlets, U.S. officials said.
“The same Russian group that targeted U.S. [industrial control] systems in 2014 turned out the lights in Ukraine in 2015,” said John Hultquist, who analyzed both sets of incident reports while at iSight Partners, a cyber intelligence firm now owned by FireEye, where he is director of intelligence analysis. Hultquist’s team had dubbed the group Sandworm.
“We believe that Sandworm is tied in some way to the Soviet Union — whether they’re contractors or actual government officials, we’re not sure,” he said. “We believe they are linked to the security service.”
The Department of Homeland Security, which works with the owners of the nation’s critical infrastructure systems, did not respond to a request for comment Sunday.
Energy-sector experts said that the new malware is cause for concern, but that the industry is seeking to develop ways to disrupt attackers who try to breach their systems.
“U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to efficient operation of power systems,” said Michael J. Assante, who worked at Idaho National Labs and is former chief security officer of the North American Electric Reliability Corporation, where he oversaw the rollout of industry cybersecurity standards.