Security News > 2023 > May > Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids
Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy.
The team say it's likely a contractor created the malware as a red-teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cybersecurity company.
It shares capabilities with 2016's Industroyer, a particularly dangerous type of Russian malware that can directly control electricity substation switches and circuit breakers, as well as its successor, Industroyer v2, which Ukrainian threat hunters discovered after Russia's invasion last year.
As IEC-104 is generally not used in the US, which more commonly uses Distributed Network Protocol 3, this malware variant doesn't pose a direct threat to American power grids and other industrial control systems, Lunden said.
The malware has two components, which Mandiant calls PieHop and LightWork.
While they say there's not "Sufficient evidence" to determine the malware's origin or purpose, "We believe that the malware was possibly developed by either Rostelecom-Solar or an associated party to recreate real attack scenarios against energy grid assets." .
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/25/russian_energy_malware/
Related news
- New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian charged by U.S. for creating RedLine infostealer malware (source)
- Uncle Sam outs a Russian accused of developing Redline infostealing malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)