PARIS – Researchers have found a troubling new form of power grid-wrecking software, tying the discovery to a recent Ukrainian blackout in two reports published Monday.

The malicious software has the ability to remotely sabotage circuit breakers, switches and protection relays, the reports say, a nightmare scenario for those charged with keeping the lights on.

“The potential impact of malware like this is huge,” said Robert Lipovsky, a researcher with Slovakian anti-virus firm ESET, which first obtained the rogue program. “It’s not restricted to Ukraine. The industrial hardware that the malware communicates with is used in critical infrastructure worldwide.”

Policy makers have long worried over programs that can remotely sabotage industrial systems because of their potential to deal catastrophic damage across the internet. Examples of hackers being able to turn off the lights were once confined to the movie screens, but that is slowly changing. In 2010 researchers discovered Stuxnet, a groundbreaking piece of malware apparently designed to sabotage Iran’s nuclear program by sending its centrifuge machines spinning out of control. In 2015, a cyberattack left upward of 200,000 people without power in Ukraine.



ESET’s report deals with malware tied to a more modest outage reported to have hit a transmission facility outside in Kiev on the night of Dec. 17, 2016. Ukrainian officials have previous described the incident as a cyberattack, but ESET’s report — along with another write-up by the respected Maryland-based industrial cybersecurity firm Dragos — add a wealth of technical details, showing how the malware could flip circuit breakers on and off with a string of code before mass-deleting data in a bid to cover its tracks.

The level of sophistication needed to write code for the generally obscure industrial controllers that operate the world’s electrical grids suggests a group of hackers well versed in the field and with the resources to test their creations in the lab, ESET said.

Lipovsky, the researcher, declined to be drawn on who might be behind the malware, although Ukrainian officials have in the past laid the blame for such intrusions on Russia. Ukrainian officials didn’t immediately return a message seeking comment on the report.

For others in the field, the discovery highlighted the often-discussed dangers of connecting poorly defended industrial computers to the internet.

Possibly not good when existing malware can shut down electricity in Europe and U.S. “with small modifications.” https://t.co/Q5iTmB1boC — Joseph Menn (@josephmenn) June 12, 2017



“The vast majority of industrial control system networks around the world are not protected,” said Galina Antova, the co-founder of infrastructure security firm Claroty.

Ordinary hacking can be disruptive enough, but when something like a power grid is involved, “the impact is much, much more significant.”

RAPHAEL SATTER