Crashoverride

Malware updated 4 months ago (2024-05-04T16:23:23.975Z)
CrashOverride, also known as Industroyer, is the malware that was used in 2016 to disrupt Ukraine's power grid at the transmission substation level. Believed to be state-sponsored by Russia, it manipulated Industrial Control Systems (ICS) equipment by abusing legitimate ICS protocols, causing significant physical damage to electric grid operations. The malware was unusual in that it operated automatically, without the attackers needing to keep "hands on the keyboard" during the attack, making it a potent tool for widespread disruption. Among ICS-specific malware, CrashOverride was one of the early variants with specific references to industrial processes, following predecessors such as Stuxnet and Havex and preceding Trisis and Industroyer2. It was designed to cause more than digital havoc: it had the potential to cause significant physical damage and even loss of human life, a consequence not seen in earlier disruptive attacks. Notably, it was engineered specifically to function within electrical substation facilities, demonstrating its targeted nature. Despite the development of other sophisticated ICS-specific malware in the years since, such as CosmicEnergy and CaddyWiper, CrashOverride continues to pose a threat: as recently as 2022, the Sandworm Team attempted to disrupt Ukrainian energy providers using Industroyer and other malware. Experts have also pointed out that while newer threats like CosmicEnergy bear similarities to CrashOverride, they do not possess the same full-fledged attack capabilities, underscoring the enduring relevance and potency of the 2016 malware.
Description last updated: 2024-04-30T21:17:05.707Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Industroyer | 2 | Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The ma |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
ICS
Malware
Dragos
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Havex | Unspecified | 2 | Havex, also known as Dragonfly or the Energetic Bear RAT, is a prominent threat actor in the cybersecurity landscape. First spotted in 2013, Havex was part of a broad industrial espionage campaign that specifically targeted Supervisory Control and Data Acquisition (SCADA) and Industrial Control Syst |
Source Document References
Information about the CrashOverride malware was read from the document corpus below. This display is limited to 20 results.
| Source | Created | Title |
| --- | --- | --- |
| DARKReading | 4 months ago | To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware |
| CERT-EU | 6 months ago | Operational Technology Threats - ReliaQuest |
| CERT-EU | a year ago | CosmicEnergy's threat to critical infrastructure in dispute |
| DARKReading | a year ago | A Brief History of ICS-Tailored Attacks |
| DARKReading | a year ago | 5 Critical Components of Effective ICS/OT Security |
| MITRE | 2 years ago | XENOTIME Threat Group \| Dragos |
| CERT-EU | a year ago | CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored |
| MITRE | 2 years ago | EKANS Ransomware and ICS Operations \| Dragos |
| CERT-EU | 2 years ago | 2022 a breakthrough year for malware targeting critical infrastructure |
| CERT-EU | 2 years ago | Cyberattacks on Industrial Control Systems Jumped in 2022 |
| MITRE | 2 years ago | ELECTRUM Threat Group \| Dragos |