Security News > 2023 > May > Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids
Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy.
The team say it's likely a contractor created the malware as a red-teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cybersecurity company.
It shares capabilities with 2016's Industroyer, a particularly dangerous type of Russian malware that can directly control electricity substation switches and circuit breakers, as well as its successor, Industroyer v2, which Ukrainian threat hunters discovered after Russia's invasion last year.
As IEC-104 is generally not used in the US, which more commonly uses Distributed Network Protocol 3, this malware variant doesn't pose a direct threat to American power grids and other industrial control systems, Lunden said.
The malware has two components, which Mandiant calls PieHop and LightWork.
While they say there's not "Sufficient evidence" to determine the malware's origin or purpose, "We believe that the malware was possibly developed by either Rostelecom-Solar or an associated party to recreate real attack scenarios against energy grid assets." .
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/25/russian_energy_malware/
Related news
- Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (source)