- Apr 25, 2013
- 5,355
At the beginning of the month, we have reported about the new surge of a Stuxnet-like malware “Havex”, which was previously targeting organizations in the energy sector, had been used to carry out industrial espionage against a number of companies in Europe and compromised over 1,000 European and North American energy firms.
Recently, researchers at security firm FireEye have discovered a new variant of Havex remote access Trojan that has capability to actively scan OPC (Object linking and embedding for Process Control)servers, used for controlling SCADA (Supervisory Control and Data Acquisition) systems in critical infrastructure, energy, and manufacturing sectors.
OPC is a communications standard that allows interaction between Windows-based SCADA or other industrial control systems (ICS) applications and process control hardware. New Havex variant gathers system information and data stored on a compromised client or server using the OPC standard. OPC is pervasive and is one of the most common ICS protocols.
“Threat actors have leveraged Havex in attacks across the energy sector for over a year, but the full extent of industries and ICS systems affected by Havex is unknown,” wrote the researchers from FireEye in a blog post. “We decided to examine the OPC scanning component of Havex more closely, to better understand what happens when it’s executed and the possible implications.”
Researchers set up a typical OPC server environment to conduct a real time test of the new variant's functionality. ICS or SCADA systems consist of OPC client software that interacts directly with an OPC server, which works in tandem with the PLC (Programmable Logic Controller) to control industrial hardware.
Full Article
Recently, researchers at security firm FireEye have discovered a new variant of Havex remote access Trojan that has capability to actively scan OPC (Object linking and embedding for Process Control)servers, used for controlling SCADA (Supervisory Control and Data Acquisition) systems in critical infrastructure, energy, and manufacturing sectors.
OPC is a communications standard that allows interaction between Windows-based SCADA or other industrial control systems (ICS) applications and process control hardware. New Havex variant gathers system information and data stored on a compromised client or server using the OPC standard. OPC is pervasive and is one of the most common ICS protocols.
“Threat actors have leveraged Havex in attacks across the energy sector for over a year, but the full extent of industries and ICS systems affected by Havex is unknown,” wrote the researchers from FireEye in a blog post. “We decided to examine the OPC scanning component of Havex more closely, to better understand what happens when it’s executed and the possible implications.”
Researchers set up a typical OPC server environment to conduct a real time test of the new variant's functionality. ICS or SCADA systems consist of OPC client software that interacts directly with an OPC server, which works in tandem with the PLC (Programmable Logic Controller) to control industrial hardware.
Full Article
