Automation Direct DirectLogic Programmable Controllers

The main articles are:

• PLC (Programmable Logic Controller)
• APCS - typical structure
• SCADA purpose of systems

2022: DirectLogic PLC contamination with Sality malware

Attackers infect APCS malware using a reset tool. passwords This became known on July 18, 2022. From the infected ASU is created, botnet engaged cryptocurrency mining in cracking passwords.

Not so long ago, an advertisement for a tool for unlocking programmable logic controllers (PLCs) began to appear on the network. According to the authors, it unlocks and restores PLC and man-machine interface passwords from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Week, ABB and Panasonic.

However, everything turned out to be not so simple. Information security specialists from Dragos analyzed one of the cyber incidents that affected Automation DirectLogic PLCs and found that the device unlock tool extracts the password using a known vulnerability.

But behind this was the most interesting thing - the tool loaded the Sality malware, which creates a peer-to-peer botnet that uses the computing power of infected devices to crack passwords or mine cryptocurrency.

Dragos found that the exploit was limited to serial communication. Nevertheless, the researchers found a way to recreate it over Ethernet, which increased the level of danger. After examining the software infected with Sality, Dragos reported the vulnerability to Automation Direct, and the manufacturer promptly released fixes for it. However, the hacker campaign continues, so experts recommend that PLC administrators from other manufacturers remain on the alert^[1].

Notes