Two cybersecurity firms have uncovered malicious software that they believe caused a December 2016 Ukraine power outage, they said on Monday, warning that the malware could be easily modified to harm critical infrastructure operations around the globe.

ESET, a Slovakian anti-virus software maker, and Dragos Inc., a U.S. critical-infrastructure security firm, released detailed analyses of the malware, known as Industroyer or Crash Override, and issued private alerts to governments and infrastructure operators to help them defend against the threat.

They said they did not know who was behind the cyberattack. Ukraine has blamed Russia, though officials in Moscow have repeatedly denied blame.