STATE ACTORS: COSMICENERGY - Mandiant Identifies malware that can physically harm power grids.
Posted By: Iain Fraser - Cybersecurity Journalist Gibraltar
Mandiant Identifies malware that can physically harm power grids. COSMICENERGY is the latest example of specialised OT malware capable of causing cyber physical impacts, which are rarely discovered or disclosed.
What makes COSMICENERGY unique is that based on our analysis, a contractor may have developed it as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cyber security company. Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104.
The discovery of COSMICENERGY illustrates that the barriers to entry for developing offensive OT capabilities are lowering as actors leverage knowledge from prior attacks to develop new malware. Given that threat actors use red team tools and public exploitation frameworks for targeted threat activity in the wild, we believe COSMICENERGY poses a plausible threat to affected electric grid assets. OT asset owners leveraging IEC-104 compliant devices should take action to preempt potential in the wild deployment of COSMICENERGY. Learn More /...
About Mandiant
Mandiant is recognised by enterprises, governments and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the front-lines of cyber security. To make every organisation confidently ready for cyber threats, Mandiant scales its intelligence and expertise through the Mandiant Advantage SaaS platform to deliver current intelligence, automation of alert investigation and prioritisation and validation of security controls products from a variety of vendors. Learn More /...
