On April 12, ESET announced that it had found new OT-targeted malware at a Ukrainian energy company. Like the Industroyer malware used in the attacks on Ukrainian grid operators in December 2016, the new malware can send commands in the IEC 60870-5-104 protocol, which most European grid operators use to communicate with their substations. ESET hence named the new malware Industroyer 2.
This document covers the malware's tactics, techniques, and procedures and briefly outlines possible emergency measures and responses.