New Russian malware may be intended to attack power grids


Researchers at cybersecurity firm Mandiant have discovered malware called CosmicEnergy that may be intended to disrupt power grids and other critical infrastructure. The researchers link the malware to the Russian Federal Security Service.

According to the analysis, the malware may be aimed at remote terminal units (RTUs) that comply with the IEC-104 standard. Such RTUs are commonly used in electricity transmission and distribution in Europe, the Middle East and Asia, Mandiant writes. The malware can reach OT systems through already compromised MSSQL servers. CosmicEnergy can then manipulate the RTUs remotely by issuing commands through the Lightwork tool, which speaks the IEC-104 protocol.
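To make the IEC-104 angle concrete, here is an added example (written for this article, not code from Mandiant or from CosmicEnergy) that parses IEC 60870-5-104 frames from a TCP payload and flags the single and double command ASDUs (type IDs 45 and 46) that any tool has to send to switch an RTU output on or off. The frame layout follows the public IEC 60870-5-104 specification; the traffic is constructed inline and is not a real capture. The article only says that the tool issues commands over IEC-104, so which command types to watch for is an assumption a practitioner would extend (e.g. with the time-tagged variants).

```python
"""Parse IEC 60870-5-104 APDUs from a TCP payload and flag control commands."""
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional

# ASDU type identifiers (IEC 60870-5-101 section 7.2.1.1)
M_ME_NF_1 = 13   # measured value, short floating point (monitoring direction)
C_SC_NA_1 = 45   # single command: ON/OFF (control direction)
C_DC_NA_1 = 46   # double command: ON/OFF (control direction)
CONTROL_TYPES = {C_SC_NA_1: "C_SC_NA_1", C_DC_NA_1: "C_DC_NA_1"}  # assumed watch list

# Cause-of-transmission values used below
COT_SPONTANEOUS = 3
COT_ACTIVATION = 6


@dataclass
class Asdu:
    type_id: int
    cot: int
    common_addr: int
    ioa: int
    command_state: Optional[str] = None  # "ON"/"OFF" for command ASDUs, else None
    select: Optional[bool] = None        # True = select, False = execute


def build_i_frame(ns: int, nr: int, type_id: int, cot: int, ca: int, ioa: int, element: bytes) -> bytes:
    """Build an I-format APDU carrying one information object (used only for the sample traffic)."""
    asdu = (bytes([type_id, 0x01, cot & 0x3F, 0x00, ca & 0xFF, (ca >> 8) & 0xFF])
            + ioa.to_bytes(3, "little") + element)
    ctrl = struct.pack("<HH", ns << 1, nr << 1)   # I-format: bit 0 of the first control byte is 0
    body = ctrl + asdu
    return bytes([0x68, len(body)]) + body


def split_apdus(stream: bytes) -> Iterator[bytes]:
    """Yield each APDU in a TCP payload: start byte 0x68, then a length byte covering the rest."""
    i = 0
    while i < len(stream):
        if i + 2 > len(stream) or stream[i] != 0x68:
            raise ValueError(f"bad APDU start at offset {i}")
        end = i + 2 + stream[i + 1]
        if end > len(stream):
            raise ValueError(f"truncated APDU at offset {i}")
        yield stream[i:end]
        i = end


def parse_asdu(apdu: bytes) -> Optional[Asdu]:
    """Return the first information object of an I-format APDU; None for S- and U-format frames."""
    if apdu[2] & 0x01:        # bit 0 set: S-format (01) or U-format (11), no ASDU present
        return None
    asdu = apdu[6:]
    if len(asdu) < 9:         # type, VSQ, COT (2), common address (2), IOA (3)
        raise ValueError("ASDU too short")
    type_id, _vsq, cot_lo, _orig, ca_lo, ca_hi = asdu[:6]
    res = Asdu(type_id, cot_lo & 0x3F, ca_lo | (ca_hi << 8), int.from_bytes(asdu[6:9], "little"))
    if type_id in CONTROL_TYPES:
        if len(asdu) < 10:
            raise ValueError("command ASDU missing qualifier byte")
        q = asdu[9]                              # SCO or DCO qualifier byte
        res.select = bool(q & 0x80)              # S/E bit: 1 = select, 0 = execute
        if type_id == C_SC_NA_1:
            res.command_state = "ON" if q & 0x01 else "OFF"                   # SCS bit
        else:
            res.command_state = {1: "OFF", 2: "ON"}.get(q & 0x03, "INVALID")  # DCS bits
    return res


def find_control_commands(stream: bytes) -> List[Asdu]:
    """Return every command ASDU in the payload: the frames an IEC-104 attack tool must send."""
    return [a for a in (parse_asdu(p) for p in split_apdus(stream))
            if a is not None and a.type_id in CONTROL_TYPES]


# Constructed sample traffic (not a real capture): a STARTDT U-frame, one spontaneous measurement,
# then a select/execute ON single command on IOA 1 and an execute OFF double command on IOA 2.
STARTDT_ACT = bytes.fromhex("680407000000")
SAMPLE_STREAM = (
    STARTDT_ACT
    + build_i_frame(0, 0, M_ME_NF_1, COT_SPONTANEOUS, 1, 100, struct.pack("<f", 230.0) + b"\x00")
    + build_i_frame(1, 1, C_SC_NA_1, COT_ACTIVATION, 1, 1, b"\x81")   # select, ON
    + build_i_frame(2, 1, C_SC_NA_1, COT_ACTIVATION, 1, 1, b"\x01")   # execute, ON
    + build_i_frame(3, 1, C_DC_NA_1, COT_ACTIVATION, 1, 2, b"\x01")   # execute, DCS=1 (OFF)
)

if __name__ == "__main__":
    for cmd in find_control_commands(SAMPLE_STREAM):
        phase = "SELECT" if cmd.select else "EXECUTE"
        print(f"ALERT {CONTROL_TYPES[cmd.type_id]} {phase} {cmd.command_state} "
              f"CA={cmd.common_addr} IOA={cmd.ioa} COT={cmd.cot}")
```

Measurement ASDUs such as the short-float value are normal background traffic; the signal worth acting on is an activation (COT 6) select or execute command arriving from a host that is not the SCADA master, which is exactly the kind of frame a tool like the one described would need to emit.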

Mandiant does not say with certainty what the malware is meant for. However, the company writes that, based on its analysis, it expects that CosmicEnergy was developed by the Russian Federal Security Service "to simulate real attack scenarios against assets of the electricity grid." In other words, it may be intended for 'practice attacks', so that Russia can find out how well the affected systems and networks are secured.

Mandiant first discovered the malware in December 2021, after a sample was uploaded to the VirusTotal malware analysis platform by a user with a Russian IP address. The malware turned out to have many similarities with the Industroyer malware family, which is linked to the Sandworm hacker group affiliated with the Kremlin. That malware has been used in several cyberattacks in the past; last year it was used again to attack Ukraine's power grid. Mandiant says, however, that it does not have enough evidence to be sure that CosmicEnergy was developed by the same group.

Unlike Industroyer, CosmicEnergy has not yet been used in a cyberattack. Mandiant nevertheless warns that the malware poses a "plausible threat" to power grids. The company recommends that OT administrators running IEC-104 compliant systems take precautions in case the malware is deployed in the future.