New Russian malware may be intended to attack power grids


Researchers from cybersecurity company Mandiant have discovered a malware called CosmicEnergy that may be intended to disrupt power grids and other critical infrastructure. The researchers link the malware to the Russian Federal Security Service.

According to the research, the malware targets remote terminal units (RTUs) that implement the IEC-104 standard, which Mandiant notes are widely used in electricity distribution in Europe, the Middle East and Asia. The malware can reach operational technology (OT) systems by way of already compromised MSSQL servers. From there, CosmicEnergy can manipulate the RTUs remotely by issuing commands through its Lightwork tool, which speaks the IEC-104 protocol.

Mandiant does not claim to know with certainty what the malware is intended for. Based on its analysis, however, the company expects that CosmicEnergy was developed by the Russian Federal Security Service “to simulate real attack scenarios against power grid assets.” In other words, it may be intended for ‘practice attacks’ that let Russia find out how well the affected systems and networks are secured.

Mandiant first discovered the malware in December 2021, after a sample was uploaded to the VirusTotal malware analysis platform by a user with a Russian IP address. Analysis showed that the malware has many similarities with the Industroyer malware families, which are linked to the Sandworm hacker group affiliated with the Kremlin. That malware has been used in several cyber attacks in the past; last year it was used to attack Ukraine’s electricity grid. Mandiant says it does not have enough evidence to be certain that CosmicEnergy was developed by the same group.

Unlike Industroyer, CosmicEnergy has not yet been used in a cyber attack. Mandiant nevertheless warns that the malware poses a “plausible threat” to power grids, and recommends that OT administrators running IEC-104 compliant devices take defensive action now in case the malware is deployed in the future.
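The article describes the Lightwork component issuing IEC-104 commands to RTUs, and closes with Mandiant's advice that OT administrators prepare for that. One concrete thing a defender can do is watch the IEC-104 traffic itself for control-direction commands that do not originate from a known SCADA master. The script below is an added example written for this article; it is not Mandiant's code and not part of CosmicEnergy or Lightwork. It parses IEC 60870-5-104 frames from the fixed frame layout (0x68 start byte, length, four control octets, then the ASDU with a 2-byte cause of transmission, 2-byte common address and 3-byte information object address), flags process commands (ASDU types 45-51 and their time-tagged variants) sent with an activation or deactivation cause, and ignores the RTU's own activation confirmations. The flow records, IP addresses and frame bytes are all constructed for the example; the `trusted_masters` allowlist is a hypothetical site-specific setting.

```python
"""Flag IEC 60870-5-104 control commands that do not come from a known SCADA master.

Added example for this article; not Mandiant's code and not part of CosmicEnergy.
Input format (hypothetical): (src_ip, dst_ip, tcp_payload_bytes) tuples, e.g. from a
port-2404 capture. All sample frames and addresses below are constructed by hand.
"""
from dataclasses import dataclass
from typing import Iterator, List, Dict

# ASDU type identifiers for process commands in the control direction
# (IEC 60870-5-101 type IDs 45-51 and their CP56Time2a-tagged variants 58-64).
COMMAND_TYPES = {
    45: "C_SC_NA_1 single command", 46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step", 48: "C_SE_NA_1 set point (normalized)",
    49: "C_SE_NB_1 set point (scaled)", 50: "C_SE_NC_1 set point (float)",
    51: "C_BO_NA_1 bitstring", 58: "C_SC_TA_1 single command (time-tagged)",
    59: "C_DC_TA_1 double command (time-tagged)", 60: "C_RC_TA_1", 61: "C_SE_TA_1",
    62: "C_SE_TB_1", 63: "C_SE_TC_1", 64: "C_BO_TA_1",
}
# Cause of transmission values that mean "master is commanding", as opposed to the
# RTU echoing the same type ID back as an activation confirmation (COT 7) or termination (COT 10).
COT_ACTIVATION, COT_DEACTIVATION = 6, 8


@dataclass
class Asdu:
    type_id: int
    cot: int
    common_addr: int
    ioa: int
    element: bytes


def parse_apdus(payload: bytes) -> Iterator[Asdu]:
    """Walk a TCP payload that may carry several APDUs; yield the ASDU of each I-format frame."""
    off = 0
    while off + 2 <= len(payload):
        if payload[off] != 0x68:
            return                      # lost sync; stop rather than guess
        length = payload[off + 1]       # number of octets after the length field
        frame = payload[off + 2: off + 2 + length]
        off += 2 + length
        if len(frame) < length or length < 4:
            return                      # truncated frame
        if frame[0] & 0x01:
            continue                    # S- or U-format (e.g. STARTDT): no ASDU
        asdu = frame[4:]                # skip the four control octets
        if len(asdu) < 9:
            continue                    # type, VSQ, COT(2), CA(2), IOA(3) minimum
        cot = asdu[2] & 0x3F            # low 6 bits; bit 6 = P/N, bit 7 = test flag
        common_addr = int.from_bytes(asdu[4:6], "little")
        ioa = int.from_bytes(asdu[6:9], "little")
        yield Asdu(asdu[0], cot, common_addr, ioa, asdu[9:])


def describe_command(a: Asdu) -> str:
    """Decode ON/OFF and select/execute bits of single and double commands."""
    if not a.element:
        return "no element"
    q = a.element[0]
    sel = "select" if q & 0x80 else "execute"
    if a.type_id in (45, 58):
        state = "ON" if q & 0x01 else "OFF"
    elif a.type_id in (46, 59):
        state = {1: "OFF", 2: "ON"}.get(q & 0x03, "invalid")
    else:
        return sel
    return f"{state}/{sel}"


def find_unexpected_commands(flows, trusted_masters) -> List[Dict]:
    """Return one alert per control command whose source is not an allowlisted master."""
    alerts = []
    for src, dst, payload in flows:
        for a in parse_apdus(payload):
            if a.type_id not in COMMAND_TYPES:
                continue
            if a.cot not in (COT_ACTIVATION, COT_DEACTIVATION):
                continue                # RTU confirmation/termination, not a command
            if src in trusted_masters:
                continue
            alerts.append({"src": src, "dst": dst, "type_id": a.type_id,
                           "type": COMMAND_TYPES[a.type_id], "common_addr": a.common_addr,
                           "ioa": a.ioa, "action": describe_command(a)})
    return alerts


# Constructed sample flows (hypothetical addresses; bytes hand-built from the 104 layout).
SAMPLE_FLOWS = [
    # Legitimate master: C_SC_NA_1, COT=6 (activation), CA=1, IOA=16, SCO=ON/execute
    ("10.0.1.10", "10.0.2.20", bytes.fromhex("680E000000002D010600010010000001")),
    # RTU answering with activation confirmation (COT=7): same type ID, must not alert
    ("10.0.2.20", "10.0.1.10", bytes.fromhex("680E000000002D010700010010000001")),
    # RTU spontaneous single-point report (M_SP_NA_1, COT=3): monitor direction
    ("10.0.2.20", "10.0.1.10", bytes.fromhex("680E00000000010103000100100000 01".replace(" ", ""))),
    # Unknown host: STARTDT act (U-format) followed by C_DC_NA_1 OFF/execute on IOA 17
    ("10.0.3.5", "10.0.2.20", bytes.fromhex("680407000000" "680E000000002E010600010011000001")),
]
TRUSTED_MASTERS = {"10.0.1.10"}

if __name__ == "__main__":
    for alert in find_unexpected_commands(SAMPLE_FLOWS, TRUSTED_MASTERS):
        print(alert)
```

Running it flags only the last flow: a double command switching IOA 17 off, issued by a host that is not an allowlisted master. The allowlist is the important knob; on a real network it should be derived from the engineering documentation, not from what was observed talking to the RTUs, since a compromised host is exactly what you are trying to catch.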
