
Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids
2023-05-25 21:07

Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy.

The team says it's likely a contractor created the malware as a red-teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cybersecurity company.

It shares capabilities with 2016's Industroyer, a particularly dangerous type of Russian malware that can directly control electricity substation switches and circuit breakers, as well as its successor, Industroyer v2, which Ukrainian threat hunters discovered after Russia's invasion last year.

As IEC 60870-5-104 (IEC-104), the protocol the malware speaks to substation devices, is generally not used in the US, which more commonly uses Distributed Network Protocol 3 (DNP3), this malware variant doesn't pose a direct threat to American power grids and other industrial control systems, Mandiant's Keith Lunden said.

The malware has two components, which Mandiant calls PieHop and LightWork. PieHop is a Python tool that connects to a remote MSSQL server to upload files and, through LightWork, issue commands to a remote terminal unit (RTU); LightWork is a C++ tool that implements IEC-104 and sends ON/OFF commands to the RTU over TCP.
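Both Industroyer and CosmicEnergy act on a grid by sending IEC-104 control commands (the ASDU types that open or close a breaker) to an RTU. The following is an added example, not Mandiant's code or anything from the malware: a minimal IEC 60870-5-104 APDU parser plus a detector that flags control-direction commands with cause of transmission "activation" arriving from a host that is not an expected master. The frame layout and type identifiers (45/46/47/58/59, COT 6, port 2404) come from the standard; the allow-list of master IPs, the host addresses and the sample frames are constructed for the example.

```python
"""
Minimal IEC 60870-5-104 (IEC-104) APDU parser with a detector for control-direction
commands (the ASDU types an Industroyer-style tool uses to open or close breakers).
Sample frames below are constructed by hand for this example, not captured traffic.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

IEC104_TCP_PORT = 2404  # IANA-registered port for IEC 60870-5-104

# ASDU type identifiers in the control direction that change plant state.
CONTROL_TYPE_IDS = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step command",
    58: "C_SC_TA_1 single command with CP56Time2a",
    59: "C_DC_TA_1 double command with CP56Time2a",
}
# Information-element sizes (bytes, after the 3-byte IOA) for the types this parser decodes.
ELEMENT_SIZE = {45: 1, 46: 1, 47: 1, 58: 8, 59: 8, 100: 1}
COT_ACTIVATION = 6  # cause of transmission: activation (a request to act, not a confirmation)


@dataclass
class Apdu:
    frame_format: str                      # "I" (data), "S" (supervisory) or "U" (unnumbered)
    type_id: Optional[int] = None
    cause: Optional[int] = None            # low 6 bits of the COT byte
    common_address: Optional[int] = None   # station (ASDU) address
    objects: List[Tuple[int, bytes]] = field(default_factory=list)  # (IOA, element bytes)


def parse_apdu(data: bytes) -> Apdu:
    """Parse one APDU (APCI + optional ASDU) as read from the TCP stream."""
    if len(data) < 6 or data[0] != 0x68:
        raise ValueError("missing IEC-104 start byte 0x68")
    if data[1] != len(data) - 2:          # length field excludes start byte and itself
        raise ValueError("APDU length field does not match buffer size")
    ctrl1 = data[2]
    if ctrl1 & 0x01 == 0:
        fmt = "I"
    elif ctrl1 & 0x03 == 0x01:
        fmt = "S"
    else:
        fmt = "U"
    apdu = Apdu(frame_format=fmt)
    if fmt != "I":
        return apdu                         # S/U frames carry no ASDU

    asdu = data[6:]
    if len(asdu) < 6:
        raise ValueError("I-frame without a complete ASDU header")
    type_id, vsq, cot, _originator, common_addr = struct.unpack("<BBBBH", asdu[:6])
    apdu.type_id = type_id
    apdu.cause = cot & 0x3F
    apdu.common_address = common_addr

    size = ELEMENT_SIZE.get(type_id)
    if size is None:
        return apdu                         # type not decoded here; header is still useful
    count = vsq & 0x7F
    body = asdu[6:]
    if vsq & 0x80:                          # SQ=1: one IOA, elements at consecutive addresses
        ioa = int.from_bytes(body[:3], "little")
        for i in range(count):
            off = 3 + i * size
            apdu.objects.append((ioa + i, body[off:off + size]))
    else:                                   # SQ=0: every element carries its own IOA
        off = 0
        for _ in range(count):
            ioa = int.from_bytes(body[off:off + 3], "little")
            apdu.objects.append((ioa, body[off + 3:off + 3 + size]))
            off += 3 + size
    return apdu


def decode_single_command(sco: int) -> Tuple[str, str]:
    """Decode the SCO byte of C_SC_NA_1: bit 7 = select(1)/execute(0), bit 0 = ON(1)/OFF(0)."""
    phase = "select" if sco & 0x80 else "execute"
    state = "on" if sco & 0x01 else "off"
    return phase, state


def detect_control_command(data: bytes, src_ip: str, allowed_masters: Set[str]) -> Optional[str]:
    """Return an alert string if a control command with COT=activation comes from a host
    outside the (hypothetical) allow-list of masters; None for benign frames."""
    apdu = parse_apdu(data)
    if apdu.frame_format != "I" or apdu.type_id not in CONTROL_TYPE_IDS:
        return None
    if apdu.cause != COT_ACTIVATION or src_ip in allowed_masters:
        return None
    targets = ", ".join(f"IOA {ioa}" for ioa, _ in apdu.objects)
    return (f"{CONTROL_TYPE_IDS[apdu.type_id]} from unexpected master {src_ip} "
            f"to station {apdu.common_address} ({targets})")


# Constructed sample frames (not captured traffic):
# U-frame STARTDT act: what a client sends to open the data channel.
STARTDT_ACT = bytes.fromhex("68 04 07 00 00 00")
# I-frame, C_IC_NA_1 (100) station interrogation, COT 6, CA 1, IOA 0, QOI 20: a read, not a control.
INTERROGATION = bytes.fromhex("68 0E 00 00 00 00 64 01 06 00 01 00 00 00 00 14")
# I-frame, C_SC_NA_1 (45), COT 6 activation, CA 1, IOA 1000, SCO 0x01 = execute/ON.
SINGLE_COMMAND_ON = bytes.fromhex("68 0E 00 00 00 00 2D 01 06 00 01 00 E8 03 00 01")

if __name__ == "__main__":
    for name, frame in (("STARTDT", STARTDT_ACT), ("interrogation", INTERROGATION),
                        ("single command", SINGLE_COMMAND_ON)):
        print(name, "->", detect_control_command(frame, "10.0.0.99", {"10.0.0.10"}))
```

The detector keys on the combination that matters operationally: an I-frame carrying a control-direction type with COT 6 (activation). Confirmations (COT 7) and interrogations (type 100) pass through, so a rule built this way does not fire on the normal HMI polling cycle; what it catches is a new host, such as a PieHop-style tool on an engineering workstation, issuing breaker commands directly.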

While they say there's not "sufficient evidence" to determine the malware's origin or purpose, "we believe that the malware was possibly developed by either Rostelecom-Solar or an associated party to recreate real attack scenarios against energy grid assets."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/25/russian_energy_malware/