A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots.
According to Dragos researchers, the adversary seems not to be interested in disrupting industrial processes but making money. The password-cracking software also carries a dropper that infects the machine with Sality malware, which:
