Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company.
Dubbed COSMICENERGY by researchers from Mandiant, the malware can interact with remote terminal units (RTUs) and other operational technology (OT) devices that communicate over the specialized IEC 60870-5-104 (IEC-104) protocol and are commonly used for electrical engineering and power automation.
“COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical impacts, which are rarely discovered or disclosed,” the Mandian researchers said in their report. “Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104.”
BrandPost: How the combination of XDR and SIEM can improve SOC operations
Atomic Wallet hack leads to at least $35M in stolen crypto assets
What is Business Continuity Management in Cybersecurity?