Industroyer2 (CrashOverride 2).

A 2022 evolution of the Industroyer/CrashOverride electric-grid malware, attributed by ESET to Sandworm and used in an unsuccessful April 2022 attempt to cut power in a Ukrainian regional utility. サイバーセキュリティの OT / ICS / IoT カテゴリに属します。

A 2022 evolution of the Industroyer/CrashOverride electric-grid malware, attributed by ESET to Sandworm and used in an unsuccessful April 2022 attempt to cut power in a Ukrainian regional utility.

Industroyer2 is a 2022 ICS malware sample attributed by ESET and CERT-UA to Russia's Sandworm group, used in a 8 April 2022 attempt to disrupt a Ukrainian high-voltage substation. It is a leaner, single-target evolution of the 2016 Industroyer / CrashOverride malware that caused a Kyiv power outage. Industroyer2 implements the IEC 60870-5-104 protocol directly, with the target substation's IEC-104 endpoints and addresses hard-coded into the binary, indicating that the operator had performed long-running reconnaissance and obtained engineering data before deployment. The intended outcome — opening circuit breakers in a coordinated manner to cause a regional blackout — was prevented by Ukrainian defenders and ESET researchers in time. The campaign also delivered destructive wipers (CaddyWiper, Industroyer2-paired ORCSHRED/AWFULSHRED/SOLOSHRED scripts) to make recovery harder. Industroyer2 is the clearest public example of state-sponsored grid-targeted malware actually used in a kinetic conflict.

Industroyer2 (CrashOverride 2) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Industroyer 2, CrashOverride 2。