Techno Blender
Digitally Yours.

Russia-linked malware can cause electric power disruption in multiple countries: Report


A team of cybersecurity researchers has spotted new malware that can cause electric power disruption in countries in Europe, the Middle East and Asia. The malware attacks critical infrastructure systems and electric grids, a report said.

Cybersecurity company Mandiant said that it identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which it tracks as COSMICENERGY. It said that the malware was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia.

The malware can cause electric power disruption by interacting with devices such as remote terminal units (RTUs) that are commonly leveraged in electric transmission and distribution operations.

Once inside the victims’ network, the hackers can control RTUs remotely by issuing “ON” or “OFF” commands.

“Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, which were deployed in the past to impact electricity transmission and distribution,” the cybersecurity company, which is now a part of Google, noted in a blog post.

Malware’s Russia connection
The cybersecurity company said that it identified a comment in the code that indicated a module associated with a project named “Solar Polygon”. This means that the malware may have been developed by either Rostelecom-Solar or an associated party to recreate real attack scenarios against energy grid assets.

The cybersecurity company highlights that it does not have enough conclusive evidence to establish a Russian link.

“It is possible that the malware was used to support exercises such as the ones hosted by Rostelecom-Solar in 2021 in collaboration with the Russian Ministry of Energy or in 2022 for the St. Petersburg’s International Economic Forum (SPIEF),” the report noted.

The capabilities of the new malware are not significantly different from previous malware families and its discovery highlights several notable developments in the OT threat landscape.
