Last December, when attackers hacked a power transmission company in Ukraine and cut electricity to tens of thousands of customers for an hour around midnight, it was considered a less severe assault than one that occurred the previous December. The latter attack cut power to more than 230,000 Ukrainians for one to six hours during peak dinner hours in the dead of winter.
But new analysis of malware used in the more recent attack suggests it may be more sophisticated and dangerous than previously believed.
Researchers who examined the malicious code say it’s a modular toolkit composed of multiple components that can launch automated assaults against the industrial control systems that manage the electric grid.
The toolkit doesn’t exploit software vulnerabilities to do its dirty tricks—the way most malware does—but instead relies on exploiting four communication protocols or standards that are used with industrial control systems in …