WP-058-2022: Analysis of the Industroyer 2 malware

On April 12, ESET announced that it had found new OT-targeted malware at a Ukrainian energy company. Like the Industroyer malware used in the attacks on Ukrainian grid operators in December 2016, the new malware can send commands in the IEC 60870-5-104 protocol, which is used by most European grid operators to communicate with their substations. ESET hence named the new malware Industroyer 2.

This document covers the tactics, techniques, and procedures of the malware and briefly outlines possible emergency measures and responses to this malware.

Download this document (ENCS members only)

Employees of ENCS members can download the document by entering their e-mail address below. A link to the document will be sent to the address.
