Power firms around the world are being warned about how to spot whether they are being targeted by hackers who shut down parts of Ukraine’s electricity grid.
The warnings have emerged from analysis of the malware used in an attack in Ukraine in December.
That left about 230,000 people without power for hours after substations were shut down via implanted malware.
The move comes as researchers at Black Hat and Def Con reveal ways power firms are lax on security.
“Power grid operators need to be aware that these styles of events are out there and they need to prepare for them,” said Robert M Lee of Dragos Security during a talk at the Black Hat show which detailed its work to analyse the malware used in the Ukraine attack.
Ukraine suffered two attacks on its network – one in March 2015 and another in late 2016.
The warnings detail the text and code combinations used by the attackers as they infiltrated networks and started the process of shutting down key parts of the grid. The information should help power firms scan internal systems for tell-tale signs of intrusion and prepare other defences so they can spot reconnaissance.
Additional information provided by Dragos and security firm Eset also sets out some other ways the malware seen in the Ukraine attack could be deployed.
“All of the functionality exhibited in the malware was not seen in the Ukraine attack,” said Mr Lee. “They built more functions in it than they needed.”