A new Russian cyberweapon called CrashOverride could be used to target power grids in the U.S. (Photo: Freeimages9.com/Pexels)

Hackers working with the Russian government have created a cyberweapon that can be used to disrupt electrical grids and may be used to target infrastructure in the United States, security researchers warned.

The malware known as CrashOverride was identified and examined by experts working at Dragos, a U.S. cybersecurity firm that specializes in developing software for critical infrastructure.

Dragos said CrashOverride could be used against targets in the United States, primarily U.S. electric transmission and distribution systems. Carrying out the attack would require modifications to the malicious software, but such an effort is within the realm of possibility.

The malware framework already has been used to attack the electrical grid of Ukraine. Dragos said the malware was used to target transmission stations in Kiev in 2016 — an attack believed to have been more a proof of concept than a full display of CrashOverride’s capabilities.

While that attack may not have showcased the malware in action, Dragos’ research revealed some of the effects it could have on a nation’s power grid.

Attackers can use CrashOverride to manipulate the settings on the electrical grid’s control systems. It can scan for critical parts of the infrastructure, like those that operate the circuit breakers, and manipulate them to stop the flow of electricity.

CrashOverride contains a wiper feature that erases software on the computer system that gives operators control over circuit breakers, which forces operators to fall back on manual operation that has to be done on site.

Attackers can use the malware to target multiple locations simultaneously with a “time bomb” functionality that could lead to outages in different areas at the same time, putting additional stress on the system. Variants of the malware also could be developed to target other systems, including water and gas, though the group behind the malicious software has not yet pursued those types of attacks.

Despite the current lack of sophistication to perform such attacks, the group behind CrashOverride does not lack ambition. Dragos reported with “high confidence” that it believes Electrum, the group behind the malware, has direct ties to a team of hackers who attacked infrastructure companies in the U.S. and Europe in 2014 and Ukrainian electric companies in 2015.

The 2015 attack was particularly devastating, leaving 225,000 customers — or about a fifth of the city of Kiev — without power.

Given what is already known about the Russian intent to meddle in the U.S., including recent reports that Russian military hackers have been behind targeted attacks on election software and hardware makers in the country, Dragos has raised concerns that the malware may at some point be directed at U.S. systems.

However, the security firm offered assurance that such an attack would not be as catastrophic were it to hit inside the U.S. border. Dragos estimates such an attack would likely last hours and not persist more than a few days.