Skip to main content


Home Industroyer

Industroyer

Industroyer definition

Industroyer refers to a highly sophisticated and destructive malware that specifically targets industrial control systems (ICS) used in critical infrastructure sectors such as energy, transportation, and manufacturing. It is also known as CrashOverride.

See also: critical infrastructure and key resources

History of Industroyer

Cybersecurity researchers first discovered Industroyer in June 2017 by. It is attributed to a threat actor group known as SandWorm, believed to have links to state-sponsored activities. Industroyer is designed to target and disrupt the operation of ICS components, including supervisory control and data acquisition (SCADA) systems and communication protocols commonly used in industrial environments. It poses a significant threat to power grids, transportation systems, and other critical infrastructure.

Industroyer gained significant attention when it was identified as the malware responsible for a major power outage in Ukraine in December 2016. The attack impacted multiple energy distribution companies, leaving thousands of people without electricity.

One notable aspect of Industroyer is its modular design, which allows attackers to adapt and customize the malware for specific target environments. The modular structure makes it more difficult to detect and defend against, as different components can be combined and modified to suit the attacker's objectives.

Industroyer represents a broader threat to critical infrastructure worldwide. The malware's capabilities and the associated Sandworm group's track record suggest a continued potential for similar attacks targeting industrial control systems.