2023/05/29 11:49:16

CosmicEnergy (computer virus)

2023: Spread of a virus that destroys power grids

On May 25, 2023, the American cybersecurity company Mandiant announced the emergence of dangerous malware capable of physically destroying equipment in critical infrastructure, including electrical networks.

The malware was named CosmicEnergy. A sample was uploaded to the VirusTotal service for checking back in December 2021, but analyzing the code took considerable time. Mandiant experts found that CosmicEnergy is similar in functionality to Industroyer, an extremely dangerous malware designed to disrupt critical processes in industrial control systems. In particular, the malware allows attackers to directly control power line switches and circuit breakers at electrical substations. Cybercriminals can, for example, provoke a power outage or even completely disable equipment.

CosmicEnergy virus destroys power grids

CosmicEnergy uses the IEC 60870-5-104 (IEC-104) protocol, so it can communicate with remote terminal units (RTUs). Such equipment is commonly used in the electric power industry in Europe, the Middle East and Asia. According to Mandiant, the information contained in the CosmicEnergy code indicates that the program could have been created as part of an exercise simulating power outages organized by Rostelecom-Solar.
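As an added example (not from the article or from Mandiant's report), here is a defender-side check for the behaviour described above: it parses IEC-104 APDUs from a TCP payload and flags switching commands sent by any host other than the expected control station. The allowlisted address and the sample bytes are constructed for illustration.

```python
# IEC 60870-5-104 type IDs for control-direction commands that operate switchgear.
COMMAND_TYPES = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    58: "C_SC_TA_1 single command with time tag",
    59: "C_DC_TA_1 double command with time tag",
}
ALLOWED_MASTERS = {"10.0.0.5"}  # assumption: the site's authorised control station

# Constructed sample payload: a U-format STARTDT frame, then one I-format
# frame carrying a single command (type 45) for information object 10000.
SAMPLE = bytes.fromhex("680407000000" "680e000000002d010600010010270001")


def parse_apdus(payload: bytes):
    """Yield (type_id, cot, common_addr, ioa) for each I-format APDU."""
    pos = 0
    while pos + 6 <= len(payload):
        if payload[pos] != 0x68:           # every APDU starts with 0x68
            break
        length = payload[pos + 1]          # number of octets after the length field
        apdu = payload[pos + 2 : pos + 2 + length]
        pos += 2 + length
        if length < 4 or len(apdu) < length:
            break                          # malformed or truncated frame
        if apdu[0] & 0x01:                 # S- and U-format frames carry no ASDU
            continue
        asdu = apdu[4:]                    # skip the four control-field octets
        if len(asdu) < 9:
            continue
        type_id = asdu[0]
        cot = asdu[2] & 0x3F               # cause of transmission (6 = activation)
        common_addr = int.from_bytes(asdu[4:6], "little")
        ioa = int.from_bytes(asdu[6:9], "little")  # first information object address
        yield type_id, cot, common_addr, ioa


def alerts(src_ip: str, payload: bytes):
    """Return one alert per switching command sent by an unexpected host."""
    return [
        f"{src_ip}: {COMMAND_TYPES[t]} cot={cot} ca={ca} ioa={ioa}"
        for t, cot, ca, ioa in parse_apdus(payload)
        if t in COMMAND_TYPES and src_ip not in ALLOWED_MASTERS
    ]


if __name__ == "__main__":
    print(alerts("10.0.0.99", SAMPLE))
```
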

CosmicEnergy is also reported to have technical similarities to other malware specifically designed to attack industrial sites. This is, in particular, the Triton malware, which was used in a cyber attack on a petrochemical enterprise in Saudi Arabia in 2017, as well as the Incontroller virus, created to manipulate industrial processes.[1]

Notes