Dangerous malware linked to Russia could shut down the power grid
Buzz News
Security researchers have uncovered new malware designed to disrupt systems such as the power grid and other critical infrastructure.
Experts at Mandiant dubbed the malware CosmicEnergy and believe it resembles Industroyer, the malware that Sandworm, a notorious Russian state-sponsored group, used against the Ukrainian power grid in December 2016.
The main difference is that CosmicEnergy was not discovered in the aftermath of a security incident but through threat hunting: a submitter in Russia uploaded the malware to VirusTotal about a year and a half ago, and researchers at Mandiant later picked it up there.
developed for training
The evidence Mandiant found points to Rostelecom-Solar, the cyber security arm of Russia's national telecom operator Rostelecom, as the likely origin of the malware.
The preliminary conclusion is that the malware was built for training purposes, most likely to teach staff how to respond to a real attack on the grid. The researchers note that one such exercise was organized in 2021 in collaboration with the Russian Ministry of Energy.
“A contractor may have developed it as a red-teaming tool for a simulated power disruption exercise hosted by Rostelecom-Solar,” the researchers say. “However, given the lack of conclusive evidence, we also believe that a different actor – either with or without permission – reused code associated with CyberRange to develop this malware.”
Nevertheless, given the functionalities of CosmicEnergy, the researchers cannot exclude the possibility that the malware could be used in an actual attack.
In any case, the malware has not been seen in the wild, the researchers told TechCrunch. A Mandiant researcher also told the publication that the malware “lacks discovery capabilities,” meaning an attacker would first have to scour a compromised network for details such as IP addresses and credentials before being able to mount an attack.
“The discovery of new OT [operational technology] malware presents an immediate threat to affected organizations, because these discoveries are rare and because the malware primarily takes advantage of insecure-by-design features of OT environments, which are unlikely to be fixed any time soon,” the researchers concluded.
Via: TechCrunch