Industroyer / CrashOverride
What is Industroyer / CrashOverride?
Modular ICS malware used in the 2016 Ukraine power-grid attack and updated as Industroyer2 in 2022, capable of speaking native grid protocols to trip substations.
Industroyer (also called CrashOverride) is a modular ICS malware framework first used in December 2016 against a transmission substation in Kyiv, Ukraine, causing a roughly hour-long power outage. Unlike earlier grid attacks, Industroyer directly implemented IEC 60870-5-101, IEC 60870-5-104, IEC 61850, and OPC DA, plus a Siemens SIPROTEC denial-of-service module, allowing it to send native commands to RTUs, IEDs, and protective relays. ESET, Dragos, and several Western governments have attributed Industroyer to the Russian GRU's Sandworm group. A successor, Industroyer2, was discovered in April 2022 during an attempted attack on a Ukrainian energy provider. The framework remains the clearest demonstration that adversaries can build reusable, protocol-aware ICS tooling.
● Examples
- 01. Sending IEC 60870-5-104 control commands to open circuit breakers in a Ukrainian substation.
- 02. Using a SIPROTEC denial-of-service module to crash protection relays during an attack.
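From the defender's side, the IEC 60870-5-104 control commands in the first example can be spotted on the wire. The following is an added example, not code from this page or from any vendor: it parses IEC 104 frames out of captured TCP payloads and flags activation commands sent by hosts outside an allowlist. The allowlist, IP addresses, object addresses and sample frames are constructed assumptions.

```python
import struct

# IEC 60870-5-104 type IDs for process commands in the control direction.
COMMAND_TYPES = {45: "C_SC_NA_1", 46: "C_DC_NA_1", 47: "C_RC_NA_1",
                 58: "C_SC_TA_1", 59: "C_DC_TA_1", 60: "C_RC_TA_1"}
COT_ACTIVATION = 6  # cause of transmission: activation

def parse_apdus(payload: bytes):
    """Yield the ASDU of each I-format APDU found in one TCP payload."""
    pos = 0
    while pos + 6 <= len(payload):
        length = payload[pos + 1]
        end = pos + 2 + length
        if payload[pos] != 0x68 or length < 4 or end > len(payload):
            return  # not IEC 104 framing, or truncated: stop parsing
        if payload[pos + 2] & 0x01 == 0 and length > 4:  # I-format carries an ASDU
            yield payload[pos + 6:end]
        pos = end

def decode_command(asdu: bytes):
    """Return the fields of a process-command ASDU, or None for anything else."""
    if len(asdu) < 10:
        return None
    type_id, _vsq, cot, _orig, common_addr = struct.unpack_from("<BBBBH", asdu)
    if type_id not in COMMAND_TYPES:
        return None
    qualifier = asdu[9]  # SCO/DCO/RCO octet follows the 3-byte object address
    state_mask = 0x01 if type_id in (45, 58) else 0x03
    return {"type": COMMAND_TYPES[type_id], "cause": cot & 0x3F,
            "common_addr": common_addr, "ioa": int.from_bytes(asdu[6:9], "little"),
            "select": bool(qualifier & 0x80), "state": qualifier & state_mask}

def find_suspect_commands(packets, authorized_masters):
    """Flag activation commands sent by hosts outside the allowlist."""
    alerts = []
    for src_ip, payload in packets:
        for asdu in parse_apdus(payload):
            cmd = decode_command(asdu)
            if cmd and cmd["cause"] == COT_ACTIVATION and src_ip not in authorized_masters:
                alerts.append((src_ip, cmd))
    return alerts

# Constructed sample traffic: (source IP, TCP payload). Addresses are made up.
AUTHORIZED = {"192.0.2.5"}  # assumed allowlist of legitimate control stations
SAMPLE = [
    ("192.0.2.5", bytes.fromhex("680e000000002d0106000100e9030001")),   # single command
    ("192.0.2.20", bytes.fromhex("680e00000200010103000100e9030000")),  # monitor data
    ("192.0.2.99", bytes.fromhex("680407000000" "680e020000002e0106000100d1070001")),
]
print(find_suspect_commands(SAMPLE, AUTHORIZED))
```

Only the double command from 192.0.2.99 is reported; the authorized station's command, the monitor-direction data and the U-format STARTDT frame are ignored.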
● Frequently asked questions
What is Industroyer / CrashOverride?
Modular ICS malware used in the 2016 Ukraine power-grid attack and updated as Industroyer2 in 2022, capable of speaking native grid protocols to trip substations. It belongs to the OT / ICS / IoT category of cybersecurity.
How do you defend against Industroyer / CrashOverride?
Defences for Industroyer / CrashOverride typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Industroyer / CrashOverride?
Common alternative names include: CrashOverride, Industroyer2.