{
	"id": "027775c4-cfb0-4fa0-a3ba-3684fbd52b2f",
	"created_at": "2026-04-06T00:18:28.837153Z",
	"updated_at": "2026-04-10T13:12:25.36625Z",
	"deleted_at": null,
	"sha1_hash": "fd51ad86abfee1c58e43ef674b1aff05d9fb8868",
	"title": "biggest threat to industrial control systems since Stuxnet",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 78149,
	"plain_text": "biggest threat to industrial control systems since Stuxnet\r\nArchived: 2026-04-05 13:23:31 UTC\r\nLast-minute paper: Industroyer: biggest threat to industrial control systems since\r\nStuxnet\r\nThursday 5 October 14:30 - 15:00, Green room\r\nAnton Cherepanov (ESET)\r\nRobert Lipovsky (ESET)\r\nIndustroyer is the first ever malware specifically designed to attack power grids. This unique and extremely\r\ndangerous malware framework was involved in the December 2016 blackout in Ukraine. What sets Industroyer\r\napart from other malware targeting infrastructure, such as BlackEnergy (a.k.a. SandWorm), is its ability to control\r\nswitches and circuit breakers directly via four different industrial communication protocols.\r\nOur talk will cover a detailed analysis of Industroyer's malicious payloads that directly interfere with the targeted\r\nindustrial control systems, as well as supporting modules responsible for command \u0026 control communication,\r\npersistence, and so on.\r\nIn addition to explaining why Industroyer can be considered the biggest threat to industrial control systems since\r\nthe infamous Stuxnet worm, we will take a look at the 2016 power outage in the context of the other numerous\r\ncyber attacks against Ukrainian critical infrastructure in recent years, some of which were covered in our\r\nprevious Virus Bulletin talks.\r\nWe will also assess the attackers' motivations and what this threat means to utilities around the world. As the\r\nprotocols and hardware targeted by Industroyer are employed in power supply infrastructure, transportation\r\ncontrol systems, and other critical infrastructure systems, like water and gas, worldwide, the malware can be re-purposed to target vital services in other countries. 
This discovery should serve as a wake-up call for those\r\nresponsible for the security of these critical systems.\n\nAnton Cherepanov\r\nAnton Cherepanov graduated from the South Ural State University in 2009. Currently working at ESET\r\nas a malware researcher, his responsibilities include the analysis of complex threats. His research has\r\nbeen presented at numerous conferences, including Virus Bulletin, CARO Workshop, PHDays, and\r\nZeroNights. His interests focus on IT security, reverse engineering and malware analysis automation.\r\nRobert Lipovsky\r\nRobert Lipovsky is Senior Malware Researcher in ESET's Security Research Laboratory, having\r\nworked for ESET since 2007. He is responsible for malware intelligence and research and leads the\r\nMalware Research team in Bratislava. He is a regular speaker at security conferences, including Virus\r\nBulletin, EICAR, and CARO. He runs a reverse engineering course at the Slovak University of\r\nTechnology, his alma mater, and the Comenius University. When not bound to a keyboard, he enjoys\r\nsports, playing guitar and flying an airplane.\r\nSource: https://www.virusbulletin.com/conference/vb2017/abstracts/last-minute-paper-industroyer-biggest-threat-industrial-control-systems-stuxnet/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.virusbulletin.com/conference/vb2017/abstracts/last-minute-paper-industroyer-biggest-threat-industrial-control-systems-stuxnet/"
	],
	"report_names": [
		"last-minute-paper-industroyer-biggest-threat-industrial-control-systems-stuxnet"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434708,
	"ts_updated_at": 1775826745,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fd51ad86abfee1c58e43ef674b1aff05d9fb8868.pdf",
		"text": "https://archive.orkl.eu/fd51ad86abfee1c58e43ef674b1aff05d9fb8868.txt",
		"img": "https://archive.orkl.eu/fd51ad86abfee1c58e43ef674b1aff05d9fb8868.jpg"
	}
}