Top
image credit: Pexels

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

May 26, 2023

A new strain of malicious software that’s engineered to penetrate and disrupt critical systems in industrial environments has been unearthed.

Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to the VirusTotal public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild.

“The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia,” the company said.

Read More on The Hacker News