Security News > 2023 > May > New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia.

"The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 devices, such as remote terminal units, that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company said.

COSMICENERGY is the latest addition to specialized malware like Stuxnet, Havex, Triton, IRONGATE, BlackEnergy2, Industroyer, and PIPEDREAM, which are capable of sabotaging critical systems and wreaking havoc.

Another notable aspect of the industrial control system malware is the lack of intrusion and discovery capabilities, meaning it requires the operator to perform an internal reconnaissance of the network to determine the IEC-104 device IP addresses to be targeted.

"While COSMICENERGY's capabilities are not significantly different from previous OT malware families', its discovery highlights several notable developments in the OT threat landscape," Mandiant said.

"The discovery of new OT malware presents an immediate threat to affected organizations, since these discoveries are rare and because the malware principally takes advantage of insecure by design features of OT environments that are unlikely to be remedied any time soon."

News URL

https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html