Security

Unearthed: CosmicEnergy, Malware For Causing Kremlin-Style Power Disruptions (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Researchers have uncovered malware that is designed to disrupt electric power transmission and may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids. Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of the Kremlin's most skilled and cutthroat hacking groups.

Researchers from Mandiant, the security firm that found CosmicEnergy, wrote: "COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical impacts, which are rarely discovered or disclosed. What makes COSMICENERGY unique is that based on our analysis, a contractor may have developed it as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cyber security company. Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104. The discovery of COSMICENERGY illustrates that the barriers to entry for developing offensive OT capabilities are lowering as actors leverage knowledge from prior attacks to develop new malware. Given that threat actors use red team tools and public exploitation frameworks for targeted threat activity in the wild, we believe COSMICENERGY poses a plausible threat to affected electric grid assets. OT asset owners leveraging IEC-104 compliant devices should take action to preempt potential in the wild deployment of COSMICENERGY."

Right now, the link is circumstantial and mainly limited to a comment found in the code suggesting it works with software designed for training exercises sponsored by the Kremlin. Consistent with the theory that CosmicEnergy is used in so-called Red Team exercises that simulate hostile hacks, the malware lacks the ability to burrow into a network to obtain environment information that would be necessary to execute an attack. The malware includes hardcoded information object addresses typically associated with power line switches or circuit breakers, but those mappings would have to be customized for a specific attack since they differ from manufacturer to manufacturer. "For this reason, the particular actions intended by the actor are unclear without further knowledge about the targeted assets," Mandiant researchers wrote.

  • Industroyer

    • Industroyer

      I believe a fair measure of the creativity of those names is how well they would work as band names and I think that one is pretty good. CosmicEnergy not so much, it's been done and they only released one album https://www.discogs.com/artist... [discogs.com]

    • by fintux ( 798480 )
      Russia has a record of hybrid warfare, including attacks on multiple entities of infrastructure in many Western countries. One of the more recent ones was a cyber attack on the German public transit. Also, it is currently waging an unprovoked war invading Ukraine, and it has mostly used its missiles against civilian infrastructure, the power grid being a frequent target. But yeah, developing a malware against power grids is crossing a red line Russia is not willing to do, _obviously_.
      • by gtall ( 79522 )

        "But yeah, developing a malware against power grids is crossing a red line Russia is not willing to do, _obviously_."

        Yet. It will only take the prospect of a Ukrainian victory before the Great Putini figures he has nothing left to lose.

        • "But yeah, developing a malware against power grids is crossing a red line Russia is not willing to do, _obviously_."

          Yet. It will only take the prospect of a Ukrainian victory before the Great Putini figures he has nothing left to lose.

          Considering Ukraine just sank another Russian warship [cnn.com] and seriously damaged at least two others, victory is coming closer.

          • You folks will just believe anything. Even your own CNN article's headline is "Ukraine claims..." The words 'sank' or 'sunk' don't even appear once. It doesn't help to just lie all the time.

            • You folks will just believe anything. Even your own CNN article's headline is "Ukraine claims..." The words 'sank' or 'sunk' don't even appear once. It doesn't help to just lie all the time.

              Remember when Ukraine said it sank the Moskva and Russia denied it? Remember how we've never seen another picture of the Moskva or heard from any of its crew? Yeah, that was awesome.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Russia has a record of hybrid warfare, including attacks on multiple entities of infrastructure in many Western countries. One of the more recent ones was a cyber attack on the German public transit.

        I'm not seeing it, so reading material would be welcome. I do know that they didn't pioneer the "cyber attack on infrastructure" trick. The US (boobytrapped tech to sabotage gas pipelines [washingtonpost.com]) and the US plus Israel (Stuxnet [wikipedia.org]) are just two examples.

        Also, it is currently waging an unprovoked war invading Ukraine,

        Not unprovoked at all, anybody with eyes to see saw it coming years away. But do keep on repeating that party line talking point, do keep embiggening the lie, eh.

        No, I'm not saying they're justified. I'm saying they weren't unprovoked. There is a difference and it is

        • Re:Paranoia (Score:4, Interesting)

          by HiThere ( 15173 ) on Friday May 26, 2023 @09:02AM (#63552793)

          Whether Russia has a record of "hybrid warfare" depends on what you count and who you believe. It can be either very aggressive or rather passive, depending on that. Did they attack the German public transit? Are the various "private groups" agents of the Russian government? Did they actually do what various groups claim?

          I don't think there's a reasonable basis (for me...or most people) to decide one way or another on those questions. But it's certainly not unreasonable to believe that Russia has been aggressively attacking various western countries in various different ways for over a decade. (It's also not unreasonable to doubt a lot of those reports.)

        • by CAIMLAS ( 41445 )

          It's pretty amazing how out-and-out propaganda tends to get modded up here on /. these days, but comments like yours, which get worded in as neutral and accommodating a fashion as possible, end up getting modded down as flamebait or troll more often than not.

        • by sjames ( 1099 )

          Just because you could see it coming doesn't mean it was provoked.

    • Please, mod this rant down, someone. Thanks!

    • Man, nobody got The Kinks reference. Oh well.

  • by Petr Blazek ( 8018844 ) on Friday May 26, 2023 @05:04AM (#63552277)

    just to save time for those who are not familiar with this area...

  • Sad to see Russia wasting its time.
    There are so many discoveries they could have made for us.
    Space, AI, the Basic Sciences.
  • While Russia may have used it, I would be extremely surprised if it was their tool originally.

    We have seen repeated attacks on global infrastructure which have been blamed on hacking groups and Russia over the years, but the fingerprints consistently come back with US intelligence as the origin.
