Russian Malware CrashOverride Could be Used to Disrupt US Power Grids

A new Russian cyberweapon called CrashOverride could be used to target power grids in the U.S. (Photo: Freeimages9.com/Pexels)

Hackers working with the Russian government have created a cyberweapon that can be used to disrupt electrical grids and may be used to target infrastructure in the United States, according to security researchers.

The malware known as CrashOverride was identified and examined by experts working at Dragos, a U.S.-based cybersecurity firm that specializes in developing software for critical infrastructure.


According to Dragos, CrashOverride could be used against targets in the U.S., primarily U.S. electric transmission and distribution systems. Carrying out the attack would require modifications to the malicious software, but such an effort is within the realm of possibility.

The malware framework has already been used to attack the electric grid of Ukraine. According to Dragos, the malware was used to target transmission stations located in Kiev in 2016, an attack that is believed to have been more a proof of concept than a full display of CrashOverride's capabilities.

While that attack may not have showcased the malware in action, Dragos' research revealed some of the effects it could have on a nation's power grid.

Attackers can use CrashOverride to manipulate the settings on the electrical grid's control systems. It can scan for critical parts of the infrastructure, like those that operate the circuit breakers, and manipulate them to stop the flow of electricity.


CrashOverride contains a wiper feature that erases software on the computer system that gives operators control over circuit breakers, forcing operators to fall back on manual operation that has to be done on site.

Attackers can use the malware to target multiple locations at the same time with a "time bomb" functionality that could lead to outages in different areas at the same time, putting additional stress on the system. Variants of the malware could also be developed to target other systems, including water and gas, though the group behind the malicious software has not yet pursued those types of attacks.

Despite the current lack of sophistication to perform such attacks, the group behind CrashOverride does not lack in ambition. Dragos reported with "high confidence" that it believes Electrum, the group behind the malware, has direct ties to a team of hackers who attacked infrastructure companies in the U.S. and Europe in 2014 and Ukrainian electric companies in 2015.

The 2015 attack was particularly devastating, leaving 225,000 customers, or about one-fifth of the city of Kiev, without power.

Given what is already known about the Russian intent to meddle in the U.S., including recent reports that Russian military hackers have been behind targeted attacks on election software and hardware makers in the country, Dragos has raised concerns that the malware may at some point be directed at U.S. systems.

However, the security firm said that such an attack would not be as catastrophic were it to hit inside the U.S. border. Dragos estimates such an attack would likely last hours and not persist more than a few days.


About the writer

AJ Dellinger
