Industroyer2 (CrashOverride 2).

A 2022 evolution of the Industroyer/CrashOverride electric-grid malware, attributed by ESET to Sandworm and used in an unsuccessful April 2022 attempt to cut power in a Ukrainian regional utility. 它属于网络安全的 OT / ICS / 物联网 分类。

A 2022 evolution of the Industroyer/CrashOverride electric-grid malware, attributed by ESET to Sandworm and used in an unsuccessful April 2022 attempt to cut power in a Ukrainian regional utility.

Industroyer2 is a 2022 ICS malware sample attributed by ESET and CERT-UA to Russia's Sandworm group, used in a 8 April 2022 attempt to disrupt a Ukrainian high-voltage substation. It is a leaner, single-target evolution of the 2016 Industroyer / CrashOverride malware that caused a Kyiv power outage. Industroyer2 implements the IEC 60870-5-104 protocol directly, with the target substation's IEC-104 endpoints and addresses hard-coded into the binary, indicating that the operator had performed long-running reconnaissance and obtained engineering data before deployment. The intended outcome — opening circuit breakers in a coordinated manner to cause a regional blackout — was prevented by Ukrainian defenders and ESET researchers in time. The campaign also delivered destructive wipers (CaddyWiper, Industroyer2-paired ORCSHRED/AWFULSHRED/SOLOSHRED scripts) to make recovery harder. Industroyer2 is the clearest public example of state-sponsored grid-targeted malware actually used in a kinetic conflict.

针对 Industroyer2 (CrashOverride 2) 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Industroyer 2, CrashOverride 2。