The discovery of new malware targeting electricity networks — similar to that used to knock out Kyiv’s power supply in 2016 — shows “the barriers to entry are lowering” for industrial attacks, researchers say.
Threat research group Mandiant identified the new malware, which it calls CosmicEnergy, when the code was uploaded to a public malware scanning utility in December 2021.
In a fresh analysis of CosmicEnergy, published on May 25, Mandiant now says it was designed to disrupt power supplies by interacting with devices using the IEC-104 protocol, such as remote terminal units (RTUs) that are commonly used in electric transmission and distribution operations in Europe, the Middle East and Asia.
Mandiant’s report said CosmicEnergy was a rare find because specialized operational technology (OT) or industrial control system (ICS) malware capable of causing cyber-physical impacts is seldom discovered or disclosed.
