"Security researchers have discovered new malware designed to bypass traditional physical and cybersecurity which could be used in an attack to shut down an energy grid."
Nation State Energy Grid Malware Bypasses Cyber and Physical Security
Click the links below to continue reading.
SentinelOne: SFG: Furtim's Parent
Via InfoSecurity
"SentinelOne’s Joseph Landry and Udi Shamir explained in a lengthy analysis that despite some reports in the media, the malware has not been crafted to specifically target Scada systems, although it has been used to attack at least one energy company.
However, they did reveal that it’s likely to have been designed by an eastern European nation state, based on its sophistication, the “extreme measures it takes to evade detection,” and the fact it exhibits behavior seen in previous nation state rootkits.
They continued:
“The malware is most likely a dropper tool being used to gain access to carefully targeted network users, which is then used either to introduce the payload, which could either work to extract data or insert the malware to potentially shut down an energy grid. The exploit affects all versions of Microsoft Windows and has been developed to bypass traditional antivirus solutions, next-generation firewalls, and even more recent endpoint solutions that use sandboxing techniques to detect advanced malware. (Biometric readers are not relevant to the bypass/detection techniques; the malware will stop executing if it detects the presence of specific biometric vendor software.)”
That vendor is access control system manufacturer ZKTeco.
What makes this threat even more rare is that it was found on an underground forum – an unusual place for a piece of nation state malware."