Security News > 2020 > January > Iran-Linked RAT Used in Recent Attacks on European Energy Sector
Attacks recently identified to target a key organization in the European energy sector have employed a remote access Trojan previously associated with Iran-linked threat actors, Recorded Future reports.
The researchers were able to identify a PupyRAT command and control server that communicated with a mail server for a European energy sector organization between November 2019 and at least January 5, 2020.
The attack is of particular interest, given the organization's role in the coordination of European energy resources, especially amid an increase in Iranian-linked activity targeting energy sector industrial control software.
"Phil Neray, VP of Industrial Cybersecurity at CyberX, commented on the report,"We've recently seen increased use of open-source malware by Iran-sponsored threat actors, but what's particularly interesting about this attack is that it targets an energy sector organization involved with 'coordination of European energy resources.
"Given the extensive cross-border dependencies across the European energy infrastructure, this appears to be a strategic move by the adversary to focus on a centralized target in order to impact multiple countries at the same time, similar to the strategic value of attacking a single central transmission station rather than multiple remote substations - as Russian threat actors did in the 2016 Ukrainian grid attack compared to their 2015 attack," Neray told SecurityWeek.