{"id":60444,"date":"2025-09-26T11:04:03","date_gmt":"2025-09-26T11:04:03","guid":{"rendered":"https:\/\/becolve.com\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/"},"modified":"2025-09-26T11:04:03","modified_gmt":"2025-09-26T11:04:03","slug":"industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems","status":"publish","type":"blog","link":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/","title":{"rendered":"Industroyer or the New Specific Malware Development Environment for Industrial Control Systems"},"content":{"rendered":"<p>It has been 7 years since Stuxnet showed its face, seriously affecting industrial control systems. As is known, this APT was specifically developed to attack the distributed system of <strong>Siemens PCS7, the S7 series of PLCs and the SCADA WinCC<\/strong>. A total of up to 22 plants and more than 100,000 infected PCs were counted, although the best-known case is the one that affected the uranium enrichment plants in Iran, in particular the <strong>Bushehr Nuclear Power Plant<\/strong> and the <strong>Natanz Nuclear Complex.<\/strong>  <\/p>\n<p>On the other hand, in December 2016, <strong>the energy management infrastructure in Ukraine<\/strong> was the target of a cyberattack, leaving a fifth of the country&#8217;s electricity grid without power for 72 minutes (affecting more than 250,000 homes). This attack has been the subject of analysis and study, and recently, ESET has discovered and named the malware that carried out this attack <strong>Industroyer<\/strong> (Dragos has named it CrashOverride). 
<\/p>\n<p>If we take a look at the attack vectors used by <strong>Stuxnet<\/strong> to affect industrial control systems, we can see that Industroyer uses similar means.<\/p>\n<ul>\n<li>Through social engineering techniques or similar, it is able to install a <strong>backdoor<\/strong> in the real-time systems that manage the electricity distribution network.<\/li>\n<li>Industroyer is composed of <strong>4 payloads<\/strong> that allow access to the <strong>\u201cPower Circuit Breakers\u201d<\/strong> themselves, that is, switch-type devices that are installed in electrical networks to avoid overloads. Figure 1, extracted from the document published by ESET, describes these payloads. <\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-28241\" src=\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/INDUSTROYER.jpg\" alt=\"\" width=\"400\" height=\"300\"><\/p>\n<ul>\n<li>It takes advantage of the <strong>typical vulnerabilities of specific protocols<\/strong> (which do not incorporate security) that converge in the \u201cSmart Grid\u201d, such as IEC 60870-5-101, IEC 60870-5-104, IEC 61850 and OPC DA.<\/li>\n<li>The <strong>communication with the C&amp;C<\/strong> is carried out anonymously, using the Tor network.<\/li>\n<li>It has <strong>the capacity to be \u201cdeactivated\u201d<\/strong> for a time, so that, as happened with Stuxnet, it can be activated at a certain moment.<\/li>\n<li>It is <strong>a modular malware.<\/strong> Does this mean that we are facing a specific malware development environment for industrial control systems? <em><strong><u>Sincerely, I think so<\/u><\/strong><\/em>. In fact, ESET has verified that some of the payloads can affect some <strong>ABB control systems and the SIPROTEC device<\/strong> from Siemens, a typical device that is deployed in electrical substations. 
<\/li>\n<\/ul>\n<p>Today it is <strong>Industroyer,<\/strong> and tomorrow it will be another APT that can massively affect critical infrastructures. If you want to know what technological solutions you can incorporate into your operating environment to increase its cyber resilience, we recommend that you join us during the <strong><a href=\"http:\/\/www.meetandtalkevents.com\/ciberseguridad-en-la-industria-4-0-e-infraestructuras-criticas\/\">Cybersecurity Conference in Industry 4.0 and Critical Infrastructures<\/a>.<\/strong> We look forward to seeing you! <\/p>\n<p>For <strong>more information about Industroyer,<\/strong> we recommend that you read <a href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/06\/Win32_Industroyer.pdf\"><strong>this article<\/strong><\/a> published by ESET or get in <a href=\"http:\/\/www.ciberseguridadlogitek.com\/contacto\/\">contact with us<\/a> so we can help you!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In December 2016, the energy management infrastructure in Ukraine was the target of a cyberattack, ESET has discovered and named the malware that carried out that attack Industroyer&#8230;<\/p>\n","protected":false},"author":31,"featured_media":60446,"menu_order":0,"template":"","categories":[1371],"tags":[],"arquitectura":[1839],"area":[],"sector":[],"experto":[1396],"weborigen":[157],"productos-tax":[],"soluciones-tax":[],"marcas-tax":[],"coauthors":[],"class_list":["post-60444","blog","type-blog","status-publish","has-post-thumbnail","hentry","category-cybersecurity","arquitectura-industrial-cybersecurity","experto-industrial-cybersecurity-total-availability","weborigen-ciberseguridadlogitek-com"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Industroyer or the new specific malware development environment for industrial control systems<\/title>\n<meta name=\"description\" content=\"ESET has 
discovered and named the malware that carried out the attack on the energy management infrastructure in Ukraine as Industroyer.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Industroyer or the new specific malware development environment for industrial control systems\" \/>\n<meta property=\"og:description\" content=\"ESET has discovered and named the malware that carried out the attack on the energy management infrastructure in Ukraine as Industroyer.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"Becolve Digital\" \/>\n<meta property=\"og:image\" content=\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Logitek_es\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Becolve Digital\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/\",\"url\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/\",\"name\":\"Industroyer or the new specific malware development environment for industrial control systems\",\"isPartOf\":{\"@id\":\"https:\/\/becolve.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg\",\"datePublished\":\"2025-09-26T11:04:03+00:00\",\"description\":\"ESET has discovered and named the malware that carried out the attack on the energy management infrastructure in Ukraine as 
Industroyer.\",\"breadcrumb\":{\"@id\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#primaryimage\",\"url\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg\",\"contentUrl\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg\",\"width\":800,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/becolve.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog Items\",\"item\":\"https:\/\/becolve.com\/en\/blog\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Industroyer or the New Specific Malware Development Environment for Industrial Control Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/becolve.com\/en\/#website\",\"url\":\"https:\/\/becolve.com\/en\/\",\"name\":\"Becolve Digital\",\"description\":\"Transformaci\u00f3n digital en industria e 
infraestructuras\",\"publisher\":{\"@id\":\"https:\/\/becolve.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/becolve.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/becolve.com\/en\/#organization\",\"name\":\"Becolve Digital\",\"url\":\"https:\/\/becolve.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png\",\"contentUrl\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png\",\"width\":200,\"height\":64,\"caption\":\"Becolve Digital\"},\"image\":{\"@id\":\"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/Logitek_es\",\"https:\/\/www.linkedin.com\/company\/becolve-digital\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Industroyer or the new specific malware development environment for industrial control systems","description":"ESET has discovered and named the malware that carried out the attack on the energy management infrastructure in Ukraine as Industroyer.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/","og_locale":"en_US","og_type":"article","og_title":"Industroyer or the new specific malware development environment for industrial control systems","og_description":"ESET has discovered and named the malware that carried out the attack on the energy management infrastructure in Ukraine as Industroyer.","og_url":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/","og_site_name":"Becolve Digital","og_image":[{"width":800,"height":300,"url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@Logitek_es","twitter_misc":{"Est. 
reading time":"2 minutes","Written by":"Becolve Digital"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/","url":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/","name":"Industroyer or the new specific malware development environment for industrial control systems","isPartOf":{"@id":"https:\/\/becolve.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#primaryimage"},"image":{"@id":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg","datePublished":"2025-09-26T11:04:03+00:00","description":"ESET has discovered and named the malware that carried out the attack on the energy management infrastructure in Ukraine as 
Industroyer.","breadcrumb":{"@id":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#primaryimage","url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg","contentUrl":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberataque.jpg","width":800,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/becolve.com\/en\/blog\/industroyer-or-the-new-specific-malware-development-environment-for-industrial-control-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/becolve.com\/en\/"},{"@type":"ListItem","position":2,"name":"Blog Items","item":"https:\/\/becolve.com\/en\/blog\/"},{"@type":"ListItem","position":3,"name":"Industroyer or the New Specific Malware Development Environment for Industrial Control Systems"}]},{"@type":"WebSite","@id":"https:\/\/becolve.com\/en\/#website","url":"https:\/\/becolve.com\/en\/","name":"Becolve Digital","description":"Transformaci\u00f3n digital en industria e infraestructuras","publisher":{"@id":"https:\/\/becolve.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/becolve.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/becolve.com\/en\/#organization","name":"Becolve 
Digital","url":"https:\/\/becolve.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png","contentUrl":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png","width":200,"height":64,"caption":"Becolve Digital"},"image":{"@id":"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Logitek_es","https:\/\/www.linkedin.com\/company\/becolve-digital\/"]}]}},"_links":{"self":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/blog\/60444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/users\/31"}],"version-history":[{"count":0,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/blog\/60444\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/media\/60446"}],"wp:attachment":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/media?parent=60444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/categories?post=60444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/tags?post=60444"},{"taxonomy":"arquitectura","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/arquitectura?post=60444"},{"taxonomy":"area","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/area?post=60444"},{"taxonomy":"sector","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/sector?post=60444"},{"taxonomy":"experto","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/experto?post=60444"},{"taxonomy":"weborigen","embeddable":true,"href":"https:\/\/becolv
e.com\/en\/wp-json\/wp\/v2\/weborigen?post=60444"},{"taxonomy":"productos-tax","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/productos-tax?post=60444"},{"taxonomy":"soluciones-tax","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/soluciones-tax?post=60444"},{"taxonomy":"marcas-tax","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/marcas-tax?post=60444"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/coauthors?post=60444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}