A Tale of Two Industroyers: It was the Season of Darkness


ABSTRACT

In this paper, we study two pieces of malware that attempted to create blackouts in Ukraine. In particular, we design and develop a new sandbox that emulates different networks, devices, and other characteristics so that we can execute malware targeting substation equipment and understand in detail the specific sequence of actions the attackers could perform on substation equipment. We also study the effects that future similar malware can have. Our findings include new malware behavior not previously documented (such as the detailed algorithm for the MMS protocol payload) and an illustration of how attacking different targets will produce different effects.

Luis Salazar is a Ph.D. candidate pursuing his doctoral degree at the University of California, Santa Cruz. His research focuses on cyber-physical systems security, primarily on studying threats against the safety and security of critical infrastructure, which is becoming increasingly vital.

 

License: AFL-3.0
Submitted by Regan Williams on