New Russian-linked CosmicEnergy malware targets industrial systems

Mandiant security researchers have discovered a new malware called CosmicEnergy designed to disrupt industrial systems and linked to Russian cybersecurity outfit Rostelecom-Solar.
CosmicEnergy was discovered after a sample was uploaded to the VirusTotal malware analysis platform in December 2021 by someone with a Russian IP address.
First, the malware shares similarities with previous OT malware like Industroyer and Industroyer2.
Based on public information showing that Rostelecom-Solar received funding from the Russian government for cybersecurity training and simulating electric power disruption, Mandiant suspects that CosmicEnergy, like other red team tools, could also be used by Russian threat actors in disruptive cyberattacks targeting critical infrastructure.
As Microsoft reported in April 2022, after Russia invaded Ukraine, Russian hacking groups have deployed many malware families in destructive attacks against Ukrainian targets, including critical infrastructure.
The Sandworm Russian military hackers used the Industroyer2 malware to target the ICS network of a prominent Ukrainian energy provider but failed to take down its high-voltage electrical substations and disrupt energy delivery across the country.