Hackers are Targeting Industrial Systems with Malware

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
From the what-could-possibly-go-wrong files comes this: An industrial control engineer recently made a workstation part of a botnet after inadvertently installing malware advertising itself as a means for recovering lost passwords.

Lost passwords happen in many organizations. A programmable logic controller—used to automate processes inside factories, electric plants, and other industrial settings—may be set up and largely forgotten over the following years. When a replacement engineer later identifies a problem affecting the PLC, they can discover the now long-gone original engineer never left the passcode behind before departing the company. According to a blog post from security firm Dragos, an entire ecosystem of malware attempts to capitalize on scenarios like this one inside industrial facilities. Online advertisements like those below promote password crackers for PLCs and human-machine interfaces, which are the workhorses inside these environments.
 

[correlate]

Level 18
Verified
Top Poster
Well-known
May 4, 2019
825
Threat actors are targeting systems in industrial control environments with backdoor malware hidden in fake password-cracking tools. The tools, being touted for sale on a variety of social media websites, offer to recover passwords for hardware systems used in industrial environments.


Researchers from Dragos recently analyzed one such password-cracking product and found it to contain "Sality," an old malware tool that makes infected systems part of a peer-to-peer botnet for cryptomining and password cracking.
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top