Industroyer2 - Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again

Delve into a 40-minute conference talk from Black Hat that examines Industroyer2, the latest version of malware designed to trigger electricity blackouts. Explore the technical details of this cyberattack targeting Ukraine's power grid during the Russian invasion, aiming to cause a major blackout affecting over two million people. Learn about the reverse engineering process of Industroyer2 and its comparison to the original Industroyer malware. Discover how this unique malware communicates with electrical substation ICS hardware using industrial protocols, specifically focusing on the IEC-104 protocol implementation in Industroyer2. Gain insights into the attribution of this attack to the Sandworm APT group, linked to Russia's GRU by the US Department of Justice. Presented by Robert Lipovsky and Anton Cherepanov, this talk offers a deep dive into the evolving landscape of cyberwarfare targeting critical infrastructure.

Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again