Unearthed: CosmicEnergy, Malware For Causing Kremlin-Style Power Disruptions

An anonymous reader quotes a report from Ars Technica: Researchers have uncovered malware designed to disrupt electric power transmission that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids. Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of the Kremlin’s most skilled and cutthroat hacking groups.

Researchers from Mandiant, the security firm that found CosmicEnergy, wrote: “COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical impacts, which are rarely discovered or disclosed. What makes COSMICENERGY unique is that based on our analysis, a contractor may have developed it as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cyber security company. Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104. The discovery of COSMICENERGY illustrates that the barriers to entry for developing offensive OT capabilities are lowering as actors leverage knowledge from prior attacks to develop new malware. Given that threat actors use red team tools and public exploitation frameworks for targeted threat activity in the wild, we believe COSMICENERGY poses a plausible threat to affected electric grid assets. OT asset owners leveraging IEC-104 compliant devices should take action to preempt potential in the wild deployment of COSMICENERGY.”

Right now, the link is circumstantial and mainly limited to a comment found in the code suggesting it works with software designed for training exercises sponsored by the Kremlin. Consistent with the theory that CosmicEnergy is used in so-called Red Team exercises that simulate hostile hacks, the malware lacks the ability to burrow into a network to obtain environment information that would be necessary to execute an attack. The malware includes hardcoded information object addresses typically associated with power line switches or circuit breakers, but those mappings would have to be customized for a specific attack since they differ from manufacturer to manufacturer. “For this reason, the particular actions intended by the actor are unclear without further knowledge about the targeted assets,” Mandiant researchers wrote.
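The passage above is the defender-relevant detail: whatever the mapping of information object addresses (IOAs) to breakers on a given site, a tool like this has to issue IEC-104 control commands to those addresses to do anything. That gives grid operators a concrete thing to monitor. The following is an added example, not code from the Ars Technica report or from Mandiant: a minimal parser for IEC 60870-5-104 APDUs that picks out single and double control commands (ASDU type IDs 45 and 46, as defined in the standard) and flags any that target an IOA outside an engineering baseline of addresses operators are expected to control. The sample frames, the baseline and the function names are constructed for illustration; a real deployment would feed it APDUs extracted from TCP/2404 traffic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

START_BYTE = 0x68
C_SC_NA_1 = 45      # IEC 60870-5-104 single command (ON/OFF)
C_DC_NA_1 = 46      # IEC 60870-5-104 double command (ON/OFF plus invalid states)
COT_ACTIVATION = 6  # cause of transmission: activation


@dataclass
class ControlCommand:
    type_id: int
    cot: int
    common_address: int
    ioa: int
    select: bool      # True = select phase, False = execute phase
    state: str        # "ON", "OFF" or "INVALID"


def parse_control_command(frame: bytes) -> Optional[ControlCommand]:
    """Parse one IEC-104 APDU. Returns a ControlCommand for type 45/46 ASDUs,
    None for S/U frames and for every other ASDU type."""
    if len(frame) < 6 or frame[0] != START_BYTE:
        raise ValueError("not an IEC-104 APDU")
    if frame[1] != len(frame) - 2:          # length field excludes start and length bytes
        raise ValueError("APDU length field does not match frame size")
    if frame[2] & 0x01:                     # bit0 set: S-format (01) or U-format (11)
        return None
    asdu = frame[6:]                        # 4 control octets precede the ASDU
    if len(asdu) < 6:
        raise ValueError("ASDU header truncated")
    type_id = asdu[0]
    if type_id not in (C_SC_NA_1, C_DC_NA_1):
        return None
    num_objects = asdu[1] & 0x7F            # VSQ: bit7 = SQ, bits 0-6 = object count
    cot = asdu[2] & 0x3F                    # bits 0-5 = cause; bit6 = P/N, bit7 = test
    common_address = asdu[4] | (asdu[5] << 8)
    if num_objects != 1 or len(asdu) < 10:
        raise ValueError("command ASDU must carry exactly one information object")
    ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)   # 3-byte little-endian IOA
    qualifier = asdu[9]                     # SCO or DCO octet
    select = bool(qualifier & 0x80)         # S/E bit
    if type_id == C_SC_NA_1:
        state = "ON" if qualifier & 0x01 else "OFF"
    else:
        state = {1: "OFF", 2: "ON"}.get(qualifier & 0x03, "INVALID")
    return ControlCommand(type_id, cot, common_address, ioa, select, state)


def find_suspicious_commands(frames: List[bytes],
                             baseline: Dict[int, Set[int]]) -> List[str]:
    """Return one alert string per control command that falls outside the
    baseline (common address -> IOAs operators are expected to control),
    carries an invalid double-command state, or uses an unexpected COT."""
    alerts = []
    for i, frame in enumerate(frames):
        cmd = parse_control_command(frame)
        if cmd is None:
            continue
        phase = "select" if cmd.select else "execute"
        if cmd.ioa not in baseline.get(cmd.common_address, set()):
            alerts.append(f"frame {i}: {phase} {cmd.state} to unexpected IOA {cmd.ioa} "
                          f"(CA {cmd.common_address}, type {cmd.type_id})")
        if cmd.state == "INVALID":
            alerts.append(f"frame {i}: malformed double command state on IOA {cmd.ioa}")
        if cmd.cot != COT_ACTIVATION:
            alerts.append(f"frame {i}: command with unexpected COT {cmd.cot} on IOA {cmd.ioa}")
    return alerts


# Constructed sample traffic (not captured from any real system):
SAMPLE_FRAMES = [
    bytes.fromhex("680407000000"),                      # U-frame: STARTDT act
    bytes.fromhex("680E00000000010103000100E9030001"),  # M_SP_NA_1 status report, ignored
    bytes.fromhex("680E000000002D0106000100E9030001"),  # single command, execute ON, IOA 1001
    bytes.fromhex("680E000000002E010600010088130002"),  # double command, execute ON, IOA 5000
    bytes.fromhex("680E000000002E0106000100E9030000"),  # double command with DCS=0 (invalid)
]
# Constructed baseline: on common address 1 only IOA 1001 is a sanctioned control point.
BASELINE = {1: {1001}}

if __name__ == "__main__":
    for alert in find_suspicious_commands(SAMPLE_FRAMES, BASELINE):
        print(alert)
```

Run against the constructed frames, the baseline check passes the sanctioned command to IOA 1001, flags the command aimed at IOA 5000, and separately flags the double command whose state bits are neither ON nor OFF. The parser deliberately rejects command ASDUs carrying more than one information object, since operator software normally issues one control per ASDU; a site that legitimately batches commands would relax that rule.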

Read more of this story at Slashdot.
