ESET researchers Robert Lipovský and Anton Cherepanov recently presented research on Industroyer2 together with Victor Zhora, Deputy Director of Ukraine's State Service of Special Communications and Information Protection (SSSCIP), at the Black Hat conference in Las Vegas. It is the first time that a cybersecurity expert from the Ukrainian government has participated in one of the most prestigious cybersecurity research conferences in the world.
Zhora's "significant" presence during ESET's presentation was an additional opportunity for the team of researchers, experts and media to gather detailed information on Ukraine's potential to resist cyber warfare initiated by Russia.
“The Industroyer2 attack was foiled thanks to the quick response of the Ukrainian defenders and CERT-UA. We provided Ukraine with an in-depth analysis of this threat, which, if successful, could have turned into the largest cyberattack since the invasion began. Our researchers continue to collaborate to support CERT-UA's cyber defenses,” said Robert Lipovský, Principal Malware Researcher at ESET, who presented the Industroyer2 research at Black Hat together with Cherepanov.
Earlier this year, ESET researchers responded to a cyber incident that affected an energy manager in Ukraine. ESET has worked closely with the Ukrainian Computer Emergency Response Team (CERT-UA) to remediate and protect this critical infrastructure network.
The collaboration led to the detection of a new variant of the Industroyer malware, which ESET Research, together with CERT-UA, named Industroyer2. Industroyer is a notorious piece of malware that the Sandworm APT group used in 2016 to disrupt electricity in Ukraine. In this case, Sandworm attackers attempted to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine. In addition to Industroyer2, Sandworm used several families of destructive malware. These consisted of disk-wiping programs for the Windows, Linux and Solaris operating systems.
“Since the end of World War II, humanity has never faced challenges as grave as today, with Russia's invasion of Ukraine. However, parallel warfare in cyberspace is an entirely new challenge. The knowledge we have gained from this research should be part of universal common knowledge that helps defend the civilized world from such threats. I would like to express my gratitude to all our partners who continue to support us in this unprecedented war and in our fight for survival,” added Victor Zhora.
The State Service of Special Communications and Information Protection of Ukraine is a specialized executive authority whose main functions include provision of secure government communications, government courier service, information protection and cyber defense.
Further technical information on Industroyer2 is available in "Industroyer2: Industroyer reloaded"; for further details on the Black Hat presentation, see "Black Hat 2022 – Cyberdefense in a global threats era" on WeLiveSecurity.