S1004 Industroyer
Industroyer is a sophisticated piece of malware designed to cause an Impact to the working processes of Industrial Control Systems (ICS), specifically ICSs used in electrical substations.1 Industroyer was alleged to be used in the attacks on the Ukrainian power grid in December 2016.2[^CISA Alert (TA17-163A])45
| Item | Value |
|---|---|
| ID | S1004 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 31 May 2017 |
| Last Modified | 21 October 2021 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
References
-
Anton Cherepanov, ESET. (2017, June 12). Win32/Industroyer: A new threat for industrial control systems. Retrieved September 15, 2017. ↩
-
Dragos Inc.. (2017, June 13). Industroyer - Dragos - 201706: Analysis of the Threat to Electic Grid Operations. Retrieved September 18, 2017. ↩
-
CISA. (2017, June 12). Alert (TA17-163A). Retrieved October 22, 2019. ↩
-
Dragos. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved October 14, 2019. ↩
-
Joe Slowik. (2019, August 15). CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October 22, 2019. ↩