New COSMICENERGY Malware Uses ICS Protocol to Sabotage



The new threat intelligence firm Mandiant has discovered a new type of malware that uses remote commands to control the physical state of power lines and circuit breakers.

The company calls the malware COSMICENERGY, and it was first spotted in December 2021 by a submitter in Russia.

According to Mandiant, the malware can also affect the actuation of power transformers and switchgear to cause power disruption.

Its basic functions are as follows: it infects the machine with PIEHOP, which runs on the machine to upload LIGHTWORK to the server; then it executes LIGHTWORK from the server, which sends disruptive remote commands to alter the state of the units over TCP.

While the malware’s capabilities are not significantly different from previous OT malware families, its discovery highlights several notable developments in the OT threat landscape, Mandiant said.

Kapellmann Zafra concludes that defenders should be familiar with prior OT

