Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.
A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached.
Learn more about Dragos's discovery of an exploit introduced through password "cracking" software that targets industrial engineers and operators.