A piece of destructive computer code used to bring down part of a power grid in Ukraine has sparked fresh fears of an outbreak of surreptitious cyber warfare that could cripple critical infrastructure.
The power grid-wrecking software was analysed by two cyber security firms who released reports overnight about the capabilities of the powerful malware.
It's been described as the most powerful threat since Stuxnet, the malware used to disrupt a uranium enrichment plant in Iran. Stuxnet is believed to have been developed by the US and Israeli governments and was used to infiltrate Iran's enrichment plant, manipulating the speed of its centrifuges so that they destroyed themselves.
The recently detected malware that brought down part of the Ukraine electricity grid in December is the "biggest threat to industrial control systems since Stuxnet," Slovakia-based firm ESET said.
Its report dubbed the malware "Industroyer" but did not indicate who was behind it. In 2015, a cyberattack left upward of 200,000 people without power in Ukraine. But ESET's report deals with malware tied to a more modest outage reported to have hit a transmission facility outside Kiev on the night of December 17, 2016.
The malware did not need a vulnerability in the target equipment: it speaks the industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure such as water and gas, the cyber security firm said. Those protocols were designed decades ago for isolated networks and carry no authentication, so a substation device will act on any well-formed command it receives.
The malware can take direct control of electricity substation switches and circuit breakers, giving hackers the ability to shut down power distribution and damage equipment.
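That is the security-relevant point: a breaker-open command sent over an unauthenticated protocol looks the same whether an operator or an intruder sends it, so defenders have to watch for commands that should not be happening. IEC 60870-5-104 is one of the protocols ESET's report names. The following parser and detection routine are an added example written for this page, not code from ESET, Dragos or the malware itself; it decodes a stream of IEC 104 frames, picks out the switching commands (single and double commands with cause of transmission "activation") and flags any information object address that is toggled repeatedly in a short window. The byte stream, the IOA numbers and the burst threshold of three are constructed for the example, and only the first information object of each ASDU is decoded.

```python
# Added example: flag switching commands in an IEC 60870-5-104 byte stream.
# Frame layout per IEC 60870-5-104: APCI = 0x68, length, four control octets;
# I-format frames then carry an ASDU (type ID, VSQ, cause of transmission,
# originator, 2-byte common address, 3-byte information object address, element).
from collections import Counter

TYPE_NAMES = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    58: "C_SC_TA_1 single command with time tag",
    59: "C_DC_TA_1 double command with time tag",
    100: "C_IC_NA_1 interrogation command",
}
SWITCHING_TYPES = {45, 46, 47, 58, 59, 60}  # operate breakers, switches, tap changers
COT_ACTIVATION = 6                          # cause of transmission "activation"


def parse_asdu(asdu: bytes) -> dict:
    """Decode the ASDU header and the first information object (simplification)."""
    if len(asdu) < 6:
        raise ValueError("ASDU header too short")
    type_id, vsq = asdu[0], asdu[1]
    info = {
        "type_id": type_id,
        "type_name": TYPE_NAMES.get(type_id, f"type {type_id}"),
        "sq": bool(vsq & 0x80),            # SQ=1: objects share one IOA base
        "num_objects": vsq & 0x7F,
        "cot": asdu[2] & 0x3F,
        "negative": bool(asdu[2] & 0x40),  # P/N bit: negative confirmation
        "common_addr": asdu[4] | (asdu[5] << 8),
    }
    if len(asdu) >= 9:
        info["ioa"] = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
    if len(asdu) >= 10 and type_id in (45, 58):    # SCO: bit0 = ON/OFF
        info["command_state"] = "ON" if asdu[9] & 0x01 else "OFF"
        info["select"] = bool(asdu[9] & 0x80)      # S/E bit: select vs execute
    elif len(asdu) >= 10 and type_id in (46, 59):  # DCO: bits0-1 = 1 OFF, 2 ON
        info["command_state"] = {1: "OFF", 2: "ON"}.get(asdu[9] & 0x03, "INVALID")
        info["select"] = bool(asdu[9] & 0x80)
    return info


def parse_apdus(stream: bytes) -> list:
    """Split a byte stream into APDUs; raise on a truncated or malformed frame."""
    frames, offset = [], 0
    while offset < len(stream):
        if stream[offset] != 0x68:
            raise ValueError(f"bad start byte at offset {offset}")
        if offset + 6 > len(stream):
            raise ValueError(f"truncated APCI at offset {offset}")
        end = offset + 2 + stream[offset + 1]  # length counts the bytes after it
        if end > len(stream):
            raise ValueError(f"truncated APDU at offset {offset}")
        ctrl = stream[offset + 2:offset + 6]
        frame = {"offset": offset}
        if ctrl[0] & 0x01 == 0:                # I-format: numbered, carries an ASDU
            frame["format"] = "I"
            frame["send_seq"] = ((ctrl[1] << 8) | ctrl[0]) >> 1
            frame["recv_seq"] = ((ctrl[3] << 8) | ctrl[2]) >> 1
            frame.update(parse_asdu(stream[offset + 6:end]))
        elif ctrl[0] & 0x03 == 0x01:           # S-format: supervisory acknowledgement
            frame["format"] = "S"
        else:                                  # U-format: STARTDT/STOPDT/TESTFR
            frame["format"] = "U"
        frames.append(frame)
        offset = end
    return frames


def find_switching_activity(frames, burst_threshold=3):
    """Return executed switching commands and IOAs hit at least burst_threshold times."""
    commands = [f for f in frames if f.get("format") == "I"
                and f.get("type_id") in SWITCHING_TYPES
                and f.get("cot") == COT_ACTIVATION]
    per_ioa = Counter(f["ioa"] for f in commands if "ioa" in f)
    return commands, {ioa: n for ioa, n in per_ioa.items() if n >= burst_threshold}


# Constructed sample traffic (controlling station -> substation RTU); not a real capture.
def _i_frame(send_seq: int, recv_seq: int, asdu: bytes) -> bytes:
    ctrl = bytes([(send_seq << 1) & 0xFF, (send_seq >> 7) & 0xFF,
                  (recv_seq << 1) & 0xFF, (recv_seq >> 7) & 0xFF])
    return bytes([0x68, 4 + len(asdu)]) + ctrl + asdu


def _command(type_id: int, ioa: int, element: int, common_addr: int = 1) -> bytes:
    return bytes([type_id, 0x01, COT_ACTIVATION, 0x00, common_addr & 0xFF, common_addr >> 8,
                  ioa & 0xFF, (ioa >> 8) & 0xFF, (ioa >> 16) & 0xFF, element])


SAMPLE_STREAM = (
    bytes([0x68, 0x04, 0x43, 0x00, 0x00, 0x00])   # U: TESTFR act (keep-alive)
    + _i_frame(0, 0, _command(100, 0, 0x14))       # general interrogation, benign
    + _i_frame(1, 0, _command(45, 1001, 0x01))     # single command ON, IOA 1001
    + _i_frame(2, 1, _command(45, 1001, 0x00))     # single command OFF, IOA 1001
    + _i_frame(3, 1, _command(45, 1001, 0x01))     # single command ON again
    + _i_frame(4, 2, _command(46, 1002, 0x01))     # double command OFF, IOA 1002
    + bytes([0x68, 0x04, 0x01, 0x00, 0x0A, 0x00])  # S: acknowledgement, N(R)=5
)

if __name__ == "__main__":
    cmds, bursts = find_switching_activity(parse_apdus(SAMPLE_STREAM))
    for c in cmds:
        print(f"offset {c['offset']:3d}: {c['type_name']} IOA {c['ioa']} -> {c['command_state']}")
    print("IOAs toggled repeatedly:", bursts)
```

Run against the sample stream, the interrogation and the keep-alive pass as normal traffic, the four switching commands are listed, and IOA 1001 is reported because it was flipped three times. In a real deployment the parser would sit on a span port or in a protocol-aware sensor and the threshold would be set from the substation's normal command rate; a truncated frame raises rather than being silently skipped, because a sensor that drops malformed traffic is easy to blind.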
Meanwhile a separate report by US cyber security company Dragos has linked the malware to a group with direct ties to Sandworm, a group that has previously been linked to the Russian government.
"The group has direct ties to the Sandworm Team which targeted infrastructure companies in the United States and Europe in 2014 and Ukraine electric utilities in 2015," Dragos said.
The Washington-based firm gave its own name to the malware, calling it CrashOverride.
According to Dragos, it is only the second known malware built to disrupt physical industrial processes, after Stuxnet.
"CrashOverride is not unique to any particular vendor or configuration, and instead leverages knowledge of grid operations and network communications to cause impact," Dragos said.
"In that way, it can be immediately re-purposed in Europe and portions of the Middle East and Asia."
The report warned that the malware could be adapted "with a small amount of tailoring" to render it potent against power grids in the United States.
"It's a game changer," the director of threat intelligence for Dragos Sergio Caltagirone told The Washington Post.
"It's the culmination of over a decade of theory and attack scenarios."
Policymakers have long worried about programs that can remotely sabotage industrial systems, because an attacker who reaches a control network can cause physical damage to the equipment behind it rather than merely disrupting computers.
THE LEGACY OF STUXNET
Ever since the Stuxnet malware was made public in 2010, world governments have been forced to admit they are operating in a new era of warfare. And the stakes are seriously high.
"The vast majority of industrial control system networks around the world are not protected," Galina Antova, the co-founder of infrastructure security firm Claroty told the Associated Press.
Ordinary hacking can be disruptive enough, but when something like a power grid is involved, "the impact is much, much more significant."
The Stuxnet code infected the specific industrial control systems the Iranians used for their nuclear program without showing any sign of infiltration.
After roughly 13 days of silently recording normal operation, the malware altered the rotor speeds of the plant's centrifuges while replaying the recorded readings to operators, so the machines wore out and failed while the control room saw nothing wrong.
But some time afterwards, the destructive code escaped the plant due to a programming error and spread across the internet, infecting computers around the world.
It was then that the Iranian government discovered that it had in fact been clandestinely attacked and computer researchers around the world were able to study the virus and eventually give it its name.
According to a detailed New York Times investigation in 2012, after the code escaped US president Obama consulted with the Pentagon about shutting the operation down, but instead chose to deploy an updated version, which temporarily took out nearly 1000 of the 5000 centrifuges Iran was using at the time to enrich uranium.