Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids
As IEC-104 is generally not used in the US, which more commonly uses Distributed Network Protocol 3 , this malware variant doesn't pose a direct threat to American power grids and other industrial control systems, Lunden said.The malware has two components, which Mandiant calls PieHop and LightWork. PieHop, written in Python, is expected to run on a compromised host within a target's network. It connects to a MSSQL server and uploads files to that machine.
Judging from Mandiant's findings, PieHop uploads LightWork to the server and runs it. LightWork, written in C++, does the actual work of sending on or off commands to connected industrial equipment via the IEC-104 protocol. LightWork's executable is deleted immediately after it's used by PieHop. To pull off an attack, an intruder would need to infect a PC within a power supplier's network, find a Microsoft SQL Server on the network that has access to operational equipment, and obtain the login details for that box. PieHop is then run on the PC to upload LightWork to the server, which sends disruptive commands to connected industrial devices.
"The sample of PieHop we obtained contains programming logic errors that prevent it from successfully performing its IEC-104 control capabilities, but we believe these errors can be easily corrected," the researchers noted. And while they say there's not"sufficient evidence" to determine the malware's origin or purpose,"we believe that the malware was possibly developed by either Rostelecom-Solar or an associated party to recreate real attack scenarios against energy grid assets." ®
South Africa Latest News, South Africa Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Suspect in Deadly RI Shooting Was Spotted Outside Teen Girl's Bedroom Window Night BeforeThe man accused of shooting and killing two people in Rhode Island before fleeing the scene and being shot and killed by police had been caught peeping into a 15-year-old girl’s bedroom with a ladder the previous night, police say. Wednesday’s triple shooting on Ligian Court in Johnston led to the death of two adults and the injury of a…
Read more »
Risk and reward as Ron DeSantis links arms with Elon MuskRon DeSantis may have spotted an opportunity to bypass traditional campaign launches with Twitter.
Read more »
EU gas demand expected to fall by more than Russian imports in 2023\n\t\t\tJournalists in 50+ countries follow the constant flow of money made and lost in oil & gas while\n\t\t\ttracking emerging trends and opportunities in the future of energy. Don’t miss our exclusive\n\t\t\tnewsletter, Energy Source.\n\t\t
Read more »
Top Russian Miner Now Receives Half Of Its Revenue In Asia | OilPrice.comNorilsk Nickel, one of Russia's largest mining firms has made significant changes to its export strategy by redirecting a substantial portion of its shipments from Europe to Asian customers
Read more »
Dragonflies thriving at former Teesside industrial siteVisitors can now see the insects close-up at RSPB Saltholme, where a record 10 species were spotted.
Read more »