Two cyber security companies said they have uncovered a sophisticated piece of malicious software capable of causing power outages by ordering industrial computers to shut down electricity transmission.
Analysis of the malware, known as Crash Override or Industroyer, indicates it was likely used in a December 2016 cyber attack that cut power in Ukraine, according to the firms, Slovakian security software maker ESET and U.S. critical-infrastructure security firm Dragos Inc.
The discovery may stoke fears about cyber vulnerabilities in power grids that have intensified in the wake of the December Ukraine attack, and one a year earlier that also cut power in that nation.
Ukraine authorities have previously blamed Russia for the attacks on its grid. Moscow has denied responsibility.
Dragos founder Robert M. Lee said the malware is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid.
The firm has alerted government authorities and power companies about the threat, advising them of steps to defend against the threat, Lee said in an interview.