Industroyer2 Malware Targets Ukrainian Industrial Control Systems
Industroyer2 is a piece of malware that has been used in attacks against industrial control systems (ICS) in Ukraine. The attackers' goal is to disrupt high-value targets in the energy sector, and the perpetrators are most likely a Russian state-backed threat actor.
Industroyer2 follows an approach similar to that of the original Industroyer malware, which was first used in 2016. The operators are once again going after electrical substations; the first attack was carried out on 8 April, although research indicates that the affected devices may have been compromised earlier, in March. Industroyer2 was launched through a scheduled task created in advance, so that every instance of the malware would be activated at the same moment across the compromised hosts.
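A deployment staged through pre-created scheduled tasks leaves a trace that is easy to hunt for: many hosts registering a task with the same command and the same (or nearly the same) fixed start time. The following is an added hunting example written for this page, not code from the original article or from any of the security vendors who analysed the malware. It parses constructed, simplified Windows Security event 4698 ("scheduled task created") records, in which the task definition XML is assumed to carry a TimeTrigger/StartBoundary and an Exec/Command element, and flags any command whose tasks fire within a short window on three or more distinct hosts. Host names, the task names, the executable path and the timestamps are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of event 4698 records as a SIEM might export them:
# host, creating user, task path, and the task definition XML (TaskContent).
# Everything here is made up for the example; the date only mirrors the
# 8 April attack day described in the text.
SAMPLE_EVENTS = [
    {"host": "eng-ws-01", "user": "CORP\\svc_ops", "task": "\\Microsoft\\Windows\\Sync",
     "xml": "<Task><Triggers><TimeTrigger><StartBoundary>2022-04-08T14:58:00</StartBoundary>"
            "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\ProgramData\\svc_update.exe"
            "</Command></Exec></Actions></Task>"},
    {"host": "eng-ws-02", "user": "CORP\\svc_ops", "task": "\\Microsoft\\Windows\\Sync",
     "xml": "<Task><Triggers><TimeTrigger><StartBoundary>2022-04-08T14:58:00</StartBoundary>"
            "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\ProgramData\\svc_update.exe"
            "</Command></Exec></Actions></Task>"},
    {"host": "hmi-01", "user": "CORP\\svc_ops", "task": "\\Microsoft\\Windows\\Sync",
     "xml": "<Task><Triggers><TimeTrigger><StartBoundary>2022-04-08T14:58:00</StartBoundary>"
            "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\ProgramData\\svc_update.exe"
            "</Command></Exec></Actions></Task>"},
    {"host": "hmi-02", "user": "CORP\\svc_ops", "task": "\\Microsoft\\Windows\\Sync",
     "xml": "<Task><Triggers><TimeTrigger><StartBoundary>2022-04-08T14:58:30</StartBoundary>"
            "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\ProgramData\\svc_update.exe"
            "</Command></Exec></Actions></Task>"},
    # Benign: a single host scheduling a built-in Windows binary.
    {"host": "eng-ws-01", "user": "NT AUTHORITY\\SYSTEM", "task": "\\Microsoft\\Windows\\CEIP",
     "xml": "<Task><Triggers><TimeTrigger><StartBoundary>2022-04-08T09:00:00</StartBoundary>"
            "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\Windows\\System32\\wsqmcons.exe"
            "</Command></Exec></Actions></Task>"},
    # Same payload registered weeks earlier on one host: outside the window, not a cluster.
    {"host": "hmi-03", "user": "CORP\\svc_ops", "task": "\\Microsoft\\Windows\\Sync",
     "xml": "<Task><Triggers><TimeTrigger><StartBoundary>2022-03-21T08:00:00</StartBoundary>"
            "</TimeTrigger></Triggers><Actions><Exec><Command>C:\\ProgramData\\svc_update.exe"
            "</Command></Exec></Actions></Task>"},
    # Logon-triggered task: no fixed start time, so it cannot be time-correlated.
    {"host": "eng-ws-03", "user": "CORP\\jdoe", "task": "\\OneDrive Update",
     "xml": "<Task><Triggers><LogonTrigger/></Triggers><Actions><Exec><Command>"
            "C:\\Users\\jdoe\\AppData\\Local\\OneDrive\\OneDriveStandaloneUpdater.exe"
            "</Command></Exec></Actions></Task>"},
]

START_RE = re.compile(r"<StartBoundary>([^<]+)</StartBoundary>")
COMMAND_RE = re.compile(r"<Command>([^<]+)</Command>")


def parse_event(event):
    """Extract the fixed start time and the executed command from a 4698 record.

    Returns None for tasks without a StartBoundary (logon/boot/event triggers),
    since those have no timestamp to correlate across hosts.
    """
    start = START_RE.search(event["xml"])
    command = COMMAND_RE.search(event["xml"])
    if not start or not command:
        return None
    return {
        "host": event["host"],
        "user": event["user"],
        "task": event["task"],
        "start": datetime.fromisoformat(start.group(1).strip()),
        "command": command.group(1).strip().lower(),
    }


def find_synchronized_tasks(events, min_hosts=3, window_seconds=60):
    """Flag commands scheduled to run on >= min_hosts distinct hosts within window_seconds.

    Tasks are grouped by command, sorted by start time, and walked as clusters
    whose start times all fall within window_seconds of the cluster's first task.
    """
    by_command = defaultdict(list)
    for event in events:
        parsed = parse_event(event)
        if parsed is not None:
            by_command[parsed["command"]].append(parsed)

    findings = []
    for command, tasks in by_command.items():
        tasks.sort(key=lambda t: t["start"])
        cluster = [tasks[0]]
        # A trailing None sentinel flushes the last cluster.
        for task in tasks[1:] + [None]:
            if task is not None and (task["start"] - cluster[0]["start"]).total_seconds() <= window_seconds:
                cluster.append(task)
                continue
            hosts = sorted({t["host"] for t in cluster})
            if len(hosts) >= min_hosts:
                findings.append({
                    "command": command,
                    "first_start": cluster[0]["start"].isoformat(),
                    "hosts": hosts,
                })
            if task is not None:
                cluster = [task]
    return findings


if __name__ == "__main__":
    for finding in find_synchronized_tasks(SAMPLE_EVENTS):
        print(f"{finding['command']} scheduled on {len(finding['hosts'])} hosts "
              f"starting {finding['first_start']}: {', '.join(finding['hosts'])}")
```

On the constructed sample this reports the single payload registered on four hosts for the same minute and ignores both the lone built-in task and the logon-triggered one. The window and host threshold are deliberately parameters: in a small substation network a threshold of two hosts may be appropriate, and comparing the first_start value against the event's own creation time also surfaces tasks registered days or weeks ahead of their trigger, which is exactly the staging pattern described above.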
One of the major changes in Industroyer2 is that all of its configuration strings are stored inside the payload itself rather than in a separate configuration file as the original Industroyer did. This means each sample was crafted for its specific target before it was deployed onto the ICS network, so a recovered binary can be tied to the environment it was built for. Industroyer2 was often used in combination with the CaddyWiper malware to ensure that the infected systems were fully taken offline.
The Sandworm Advanced Persistent Threat (APT) group is believed to be behind Industroyer2.