ESET Research jointly presents Industroyer2 at Black Hat USA with Ukrainian government representative

• ESET researchers Robert Lipovský and Anton Cherepanov recently presented their research on Industroyer2 at the Black Hat USA 2022 conference.
• Joining the presentation was Deputy Director of Ukraine’s State Service of Special Communications and Information Protection Victor Zhora.
• This is the first time that a Ukrainian governmental representative has taken part in such a high-profile cybersecurity conference.
• ESET researchers pledged to continue working with CERT-UA to support its cyberdefenses.

BRATISLAVA, LAS VEGAS — ESET researchers Robert Lipovský and Anton Cherepanov recently presented  breakthrough research into Industroyer2 during a Black Hat conference in Las Vegas, along with Victor Zhora, the Deputy Director of Ukraine’s State Service of Special Communications and Information Protection (SSSCIP). This is the first time that a Ukrainian governmental cybersecurity expert has participated in one of the most prestigious cybersecurity research conferences in the world.

The “surprising” appearance of  Zhora during ESET’s presentation was an additional opportunity for research, expert, and media audiences alike to gain in-depth information on Ukraine’s capability to resist the cyber warfare waged by the Russian aggressor.

“The Industroyer2 attack was thwarted thanks to the swift response of Ukrainian defenders and CERT-UA. We provided the Ukrainian side with crucial analysis of this threat, which could have become the most substantial cyberattack since the beginning of the invasion had it succeeded. Our researchers are ready to continue to work with CERT-UA to support its cyber defenses,” says  Lipovský, ESET’s Principal Malware Researcher, who presented the Industroyer2 research at Black Hat with Cherepanov.

Earlier this year, ESET researchers responded to a cyber-incident affecting an energy provider in Ukraine. ESET worked closely with the Computer Emergency Response Team of Ukraine (CERT-UA) in order to remediate and protect this critical infrastructure network.

The collaboration resulted in the discovery of a new variant of Industroyer malware that ESET Research together with CERT-UA named Industroyer2. Industroyer is an infamous piece of malware that was used in 2016 by the Sandworm APT group to cut power in Ukraine. In this case, the Sandworm attackers made an attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine. In addition to Industroyer2, Sandworm used several destructive malware families. These consisted of disk wipers for the Windows, Linux, and Solaris operating systems.

“Since the end of World War II, humankind has never faced such grave challenges as today, when Russia invaded Ukraine. However, the parallel war in cyberspace is an absolutely new challenge. The knowledge we have gained by this research should be part of a universal common knowledge that helps defend the civilized world from such threats. I’d like to express my gratitude to all our partners who keep supporting us in this unprecedented war and in our struggle for life,” added Zhora.

The State Service of Special Communications and Information Protection of Ukraine is a specialized executive authority whose key functions include provisioning secure government communications, the government courier service, information protection, and cyber defense.

For more technical information about Industroyer2, check out the blogpost Industroyer2: Industroyer reloaded, and for more about the Black Hat presentation, check out Black Hat 2022 – Cyberdefense in a global threats era on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.