A team of cybersecurity researchers has spotted new malware that can cause electric power disruption in countries in Europe, the Middle East and Asia. The malware attacks critical infrastructure systems and electric grids, a report said.
Cybersecurity company Mandiant said that it identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which it tracks as COSMICENERGY. It said that the malware was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia.
The malware can cause electric power disruption by interacting with devices such as remote terminal units (RTUs) that are commonly leveraged in electric transmission and distribution operations.
Once inside the victims’ network, the hackers can control RTUs remotely by issuing “ON” or “OFF” commands.
“Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, which were deployed in the past to impact electricity transmission and distribution,” the cybersecurity company, which is now a part of Google, noted in a blog post.
Malware’s Russia connection
The cybersecurity company said that it identified a comment in the code that indicated a module associated with a project named “Solar Polygon”. This means that the malware may have been developed by either Rostelecom-Solar or an associated party to recreate real attack scenarios against energy grid assets.
The cybersecurity company highlights that it does not have enough conclusive evidence to establish a Russian link.
“It is possible that the malware was used to support exercises such as the ones hosted by Rostelecom-Solar in 2021 in collaboration with the Russian Ministry of Energy or in 2022 for the St. Petersburg’s International Economic Forum (SPIEF),” the report noted.
The capabilities of the new malware are not significantly different from previous malware families and its discovery highlights several notable developments in the OT threat landscape.