A Tale of Two Industroyers

An Analysis of the Russian Malware Used to Attack Ukraine’s Power Grid

September 15, 2023


In less than a decade, Ukraine has suffered three cyber attacks attempting to cause electrical outages. On December 23, 2015, in the middle of freezing weather, Ukraine suffered the first blackout caused by cyber attacks. In this first incident, attackers gained remote access to the industrial networks of power companies and remotely operated the operators' human-machine interfaces, opening circuit breakers manually. A year later, on December 17, 2016, a fifth of Ukraine's capital Kyiv experienced another blackout. This time, the target was a transmission utility, and unlike the previous year, when remote human attackers opened the circuit breakers, the attack in 2016 was launched automatically by the first known example of industrial malware targeting the power grid: Industroyer. Finally, on April 8, 2022, in the first months of the Russian invasion of Ukraine, operators discovered another piece of malware tailored to attack circuit breakers automatically. This new malware was called Industroyer 2, and it represented yet another attempt to target Ukraine's power grid.

In this talk we will summarize our work in analyzing the malware to understand how it targeted industrial networks, and consider what damage this type of malware may cause in the future.

Guest Speaker

Alvaro Cardenas

Alvaro A. Cardenas is an Associate Professor of Computer Science and Engineering at the University of California, Santa Cruz. Before joining UCSC he was the Eugene McDermott Associate Professor of Computer Science at the University of Texas at Dallas, a postdoctoral scholar at the University of California, Berkeley, and a research staff member at Fujitsu Laboratories. He holds M.S. and Ph.D. degrees from the University of Maryland, College Park, and a B.S. from Universidad de Los Andes in Colombia. His research interests focus on cyber-physical systems and IoT security and privacy, including autonomous vehicles, drones, smart home devices, and SCADA systems controlling the power grid and other critical infrastructures. He is the recipient of the NSF CAREER award, the 2018 faculty excellence in research award from the Erik Jonsson School of Engineering and Computer Science, the Eugene McDermott Fellow Endowed Chair at UTD, and the Distinguished Service Award from the IEEE Computer Society Technical Committee on Security and Privacy. He has also received best paper awards from various venues, including the ACM CPS & IoT Security Workshop, IEEE Smart Grid Communications Conference, and the U.S. Army Research Conference. One of his papers was also a finalist in the CSAW competition in Israel. Cardenas' research has been funded by NSF, ARO, AFOSR, NSA, NIST, MITRE, DHS, DoT, Phoenix Technologies, and Intel.

