CRASHOVERRIDE intended to cause long-term damage.
Analysts at Dragos have reassessed the 2016 cyberattack against Ukraine's power grid and have concluded that the blackout was intended to be far more damaging and longer-lasting than what was actually achieved. The attack appears to have had a final stage that failed for reasons unknown to Dragos. After the blackout was triggered, the attackers tried to launch denial-of-service attacks against the Siemens SIPROTEC protective relays in use by the plant. This initially seemed pointless, since the attack appeared to have already taken place. Dragos suspects, however, that the attackers wanted the plant's operators to reactivate the systems while lacking visibility and without realizing that the protective relays were disabled. This could have greatly intensified the attack, causing physical damage to equipment and harming employees.
Dragos' director of threat intelligence, Sergio Caltagirone, told WIRED that "they've pre-engineered attacks that harm the facility in a destructive and potentially life-threatening way when you respond to the incident. It’s the response that ultimately harms you."