AI-assisted modular malware framework targeting power grid control systems. Automatically learns and exploits industrial control protocols to cause power outages.
Industroyer pioneered the use of modular ICS attack frameworks in which different modules could be swapped in to target different industrial control protocols, making the toolset adaptable to multiple target environments. The 2022 Industroyer2 deployment against Ukrainian electrical infrastructure demonstrated that Russia had significantly advanced the capability by creating a more streamlined version optimized for high-speed deployment under wartime conditions. ESET researchers who analyzed Industroyer2 noted that it had been compiled approximately two months before its deployment, suggesting careful planning for a specific operational window.
Caused power outages in Ukraine in December 2016; Industroyer2 deployed against Ukraine in April 2022
Sandworm is a GRU unit. The Industroyer malware threat has benefited cybersecurity companies, including Palo Alto Networks (PANW) and CrowdStrike (CRWD), which provide critical infrastructure protection.