Industroyer2 (CrashOverride 2).

A 2022 evolution of the Industroyer/CrashOverride electric-grid malware, attributed by ESET to Sandworm and used in an unsuccessful April 2022 attempt to cut power in a Ukrainian regional utility. Относится к категории OT / ICS / IoT в кибербезопасности.

A 2022 evolution of the Industroyer/CrashOverride electric-grid malware, attributed by ESET to Sandworm and used in an unsuccessful April 2022 attempt to cut power in a Ukrainian regional utility.

Industroyer2 is a 2022 ICS malware sample attributed by ESET and CERT-UA to Russia's Sandworm group, used in a 8 April 2022 attempt to disrupt a Ukrainian high-voltage substation. It is a leaner, single-target evolution of the 2016 Industroyer / CrashOverride malware that caused a Kyiv power outage. Industroyer2 implements the IEC 60870-5-104 protocol directly, with the target substation's IEC-104 endpoints and addresses hard-coded into the binary, indicating that the operator had performed long-running reconnaissance and obtained engineering data before deployment. The intended outcome — opening circuit breakers in a coordinated manner to cause a regional blackout — was prevented by Ukrainian defenders and ESET researchers in time. The campaign also delivered destructive wipers (CaddyWiper, Industroyer2-paired ORCSHRED/AWFULSHRED/SOLOSHRED scripts) to make recovery harder. Industroyer2 is the clearest public example of state-sponsored grid-targeted malware actually used in a kinetic conflict.

Защита от Industroyer2 (CrashOverride 2) обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Industroyer 2, CrashOverride 2.