Slovakia-based ESET said the malware is the most powerful threat to appear since Stuxnet, the hacking tool used to sabotage Iran's nuclear program believed developed by US and Israeli intelligence.
ESET said the malware, which it dubbed Industroyer, may be behind the one-hour shutdown of power to the Ukraine capital Kiev last December.
The company said Industroyer's potent threat is that it works using the communication protocols designed decades ago and built into energy, transportation, water and gas systems around the world.
The malware is the "biggest threat to industrial control systems since Stuxnet," ESET said, without indicating who was behind it.
Also Read
But in a separate report on the same malware today, a second cyber security company, Dragos, tied it to a Russian hacker group called Sandworm which has been linked to the Russian government.
Dragos gave its own name to the malware, "CrashOverride," and said it is only the second-ever malware deployed for disrupting physical industrial processes, after Stuxnet.
"In that way, it can be immediately re-purposed in Europe and portions of the Middle East and Asia."
In addition, it said, the malware could be adapted "with a small amount of tailoring" to render it potent against the North American power grid.
It said that the malware can be applied to work at several electricity substations at the same time, giving it the power to create a widespread power shutdown that could last for hours and potentially days.
Disclaimer: No Business Standard Journalist was involved in creation of this content