The Russians may deploy a terrifying cyber weapon in the war in Ukraine

The malicious software can already be used during the next military exercise.

Malware, i.e. malicious software, has been discovered that can cut off the power supply of an entire country – write the researchers of the Mandiant IT security company. The CosmicEnergy malware is similar to the previously detected Industroyer and Industroyer 2 malware. Both software can be linked to the Russian hacker group Sandworm, and it is also assumed that the recently discovered malware could be used during Russia’s war against Ukraine.

In December 2016, Sandworm deployed the Industroyer, which disrupted the power supply in Kyiv, leaving thousands without power in the Ukrainian capital. Before this, in 2015, a similar attack took place, when 225,000 Ukrainians had to be without the blessings of electricity for six hours following the deployment of the software called BlackEnergy.

Industroyer 2 was noticed by IT security experts last year. An attempt was made to use the malware during an attack on the Ukrainian energy infrastructure, but this was prevented in time. Even so, the case highlighted how vulnerable the electricity networks of individual countries are, as well as the fact that Russia is trying to exploit similar vulnerabilities with increasingly sophisticated means.

With the help of an improved version of BlackEnergy, BlackEnergy3, Sandworm hackers penetrated the corporate networks of several Ukrainian electricity providers, where they managed to take control of various monitoring systems. Fortunately, however, BlackEnergy3 was not able to access the devices that directly control the power supply.

The 2016 Industroyer attack was even more skillful than this: it was able to successfully exploit the vulnerabilities of the outdated systems of the companies operating the Ukrainian network, and it was also able to control individual transformer stations and disable the security solutions built into the system.

CosmicEnergy is the latest version of malware that attacks network devices, capable of even causing physical damage, and is relatively rarely detected. What sets CosmicEnergy apart from other similar malware based on our analysis is that this tool may have been originally developed for a power outage simulation exercise staged by Rostelecom-Solar, a Russian IT security company. Analysis of the malware and its functions revealed that its capabilities are comparable to Industroyer and Industroyer 2 malware.


The discovery of CosmicEnergy is a great example of how it will become easier to create devices that attack the energy infrastructure, as organizations performing similar activities can use the knowledge gained from previous similar attacks to develop new malware. […] We believe that CosmicEnergy poses a real threat to the electrical infrastructures involved. Their operators must take the necessary steps to prevent the deployment of Cosmicenergy

– wrote the experts of the IT security company Mandiant, which discovered the malware.

In the past, Russian hackers also tried to take control of the Facebook accounts of Hungarian influencers.

Are you more seriously interested in IT? You can find our news and analyzes for IT and infocommunications decision-makers here.

Source: PC World Online Hírek by

*The article has been translated based on the content of PC World Online Hírek by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!