The DNP User Group have issued a security notice (SN2017-001)
The WITS-PSAC would like to draw members' attention to a security notice that has been issued by the DNP User Group.
Last year there was a cyber-attack against the Ukraine Power Grid using malware named CrashOverride (also known as Industroyer). The attackers spent some time analysing the structure of the Ukrainian SCADA system and then inserted the malware, which took over, amongst other items, the protocol comms driver and used scripts to send control commands to a substation to open circuit breakers. The attackers had a good understanding of the SCADA protocol, which is based on IEC standards similar to DNP3.
Although CrashOverride did not at this time appear to be able to attack a DNP3-based system, it is clear that the attackers are sophisticated enough to extend CrashOverride to include a DNP3 driver. Please read the article linked below for further details about the issue, links for further reading and the DNP User Group’s recommendations for protecting your systems against such attacks.