In April 2024, FrostyGoop, an ICS malware, was discovered in a publicly available malware scanning repository. FrostyGoop can target devices communicating over Modbus TCP to manipulate control, modify parameters, and send unauthorized command messages. Modbus is a commonly used protocol across all industrial sectors. The Cyber Security Situation Center (CSSC), a part of the Security

This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.

A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached.

Learn more about Dragos's discovery of an exploit introduced through password "cracking" software that targets industrial engineers and operators.

The attack was the first in five years to use Sandworm's Industroyer malware.

ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware called Industroyer2.