This dangerous Russian-linked malware could shut down power grids
Date:
Fri, 26 May 2023 10:25:21 +0000
Description:
Researchers suggest its origins might have been benign, but CosmicEnergy malware now poses a significant threat.
FULL STORY ======================================================================
Cybersecurity researchers have uncovered a new dangerous malware designed to disrupt systems such as energy grids or other critical infrastructure.
Experts from Mandiant dubbed the malware CosmicEnergy, and believe it's similar to previously-discovered Sandworm. Sandworm is a notorious Russian state-sponsored malware that was designed to target Ukrainian power grids back in 2016.
The key difference between CosmicEnergy and Sandworm is that the former wasn't discovered after a security incident, but rather through threat hunting. Someone from Russia uploaded the malware to VirusTotal a year and a half ago, which is where Mandiant's researchers picked it up.
Developed for training
Apparently, the malware was developed by Rostelecom-Solar, the cybersecurity department of Rostelecom - Russia's national telecom operator.
The initial conclusion is that the malware was designed for training purposes, likely to educate the IT department on how to behave in case an actual attack on the grid happens. The researchers said one such training was hosted in collaboration with the Russian Ministry of Energy back in 2021.
"A contractor may have developed it as a red-teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar," the researchers state. "However, given the lack of conclusive evidence, we consider it also possible that a different actor either with or without permission reused code associated with the cyber range to develop this malware."
Still, given CosmicEnergy's functionalities, the researchers can't exclude the possibility that the malware could be used in an actual attack.
In any case, the malware wasn't seen in the wild, the researchers told TechCrunch. They also told the publication that the malware lacks discovery capabilities, meaning threat actors would first need to recon the compromised network for things like IP addresses and credentials, before being able to mount an attack.
"The discovery of new OT [operational technology] malware presents an immediate threat to affected organizations since these discoveries are rare and because the malware principally takes advantage of insecure by-design features of OT environments that are unlikely to be remedied any time soon," the researchers concluded.
Via: TechCrunch
======================================================================
Link to news story:
https://www.techradar.com/news/this-dangerous-russian-linked-malware-could-shut-down-power-grids
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)