With the assistance of allied hackers, Russia has developed a cyberweapon capable of destroying an electricity grid, US researchers report that such a weapon could be used to upset the American electric system.
The reports say that the devise was used to disrupt energy system in Ukraine December in 2015.
According to the Washington Post, the cyberweapon has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life.
The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system — in Ukraine in December, 2015.
In that incident, the hackers briefly shut down one-fifth of the electric power generated in Kiev.
But with modifications, it could be deployed against US electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report on June 12th.
And Russian government hackers have shown their interest in targeting US energy and other utility systems, researchers said.
“It’s the culmination of over a decade of theory and attack scenarios,” Caltagirone warned. “It’s a game changer.”
The revelation comes as the US government is investigating a wide-ranging, ambitious effort by the Russian government last year to disrupt the US presidential election and influence its outcome.
Dragos has named the group that created the new malware Electrum, and it has determined with high confidence that Electrum used the same computer systems as the hackers who attacked the Ukraine electric grid in 2015.
That attack, which left 225,000 customers without power, was carried out by Russian government hackers, other US researchers concluded.
US government officials have not officially attributed that attack to the Russian government, but some privately say they concur with the private-sector analysis.
“The same Russian group that targeted US [industrial control] systems in 2014 turned out the lights in Ukraine in 2015,” said John Hultquist, who analyzed both incidents while at iSight Partners, a cyber-intelligence firm now owned by FireEye, where he is director of intelligence analysis. Hultquist’s team had dubbed the group Sandworm.
“We believe that Sandworm is tied in some way to the Russian government — whether they’re contractors or actual government officials, we’re not sure,” he said. “We believe they are linked to the security services.”
Sandworm and Electrum may be the same group or two separate groups working within the same organization, but the forensic evidence shows they are related, said Robert M. Lee, chief executive of Dragos.
The Department of Homeland Security, which works with the owners of the nation’s critical infrastructure systems, did not respond to a request for comment.