1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Critical infrastructure being hit by dangerous new malware - rout

    From TechnologyDaily@1337:1/100 to All on Friday, December 13, 2024 15:15:06
    Critical infrastructure being hit by dangerous new malware - routers, firewalls and fuel systems all under threat

    Date:
    Fri, 13 Dec 2024 15:06:27 +0000

    Description:
    Iranian hackers emerge with a new piece of malware, and they're going after gas stations and other critical infrastructure.

    FULL STORY ======================================================================Cybersec urity researchersuncoer new piece of malware called IOCONTROL It targets IoT devices in critical infrastructure organizations IOCONTROL is modular, and capable of targeting devices from multiple manufacturers

    American and Israeli critical infrastructure is being targeted by a dangerous new piece of malware , and the culprits seem to be Iranian.

    Cybersecurity researchers Claroty obtained a sample of the malware, called IOCONTROL, from a compromised industrial system, and analyzed it.

    An Iranian state-sponsored group known as CyberAv3ngers is suspected of
    having built and deployed IOCONTROL - and while it is not known by which methods the hackers managed to infect their victims with IOCONTROL, the targets seem to be Internet of Things (IoT) devices and OT/SCADA systems used in critical infrastructure organizations in above-mentioned countries.
    Modular malware

    The devices mostly targeted are routers, programmable logic controllers
    (PLC), human-machine interfaces (HMI), IP cameras, firewalls, and fuel management systems. In fact, it was a Gasboy fuel management system - the device's payment terminal (OrPT) - from which a sample was extracted to begin with.

    Claroty says the malware is modular, and can be used for data exfiltration, and possibly even service disruption. Some of the commands supported include exfiltrating detailed system information, running arbitrary OS commands, and scanning specified IP ranges and ports for other potential targets. The malware can apparently control pumps, payment terminals, and other peripherals.

    IOCONTROL can be installed on D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics gear, it was added.

    While the exact number of victims isnt known, CyberAv3ngers told their followers on Telegram that they compromised 200 gas stations in Israel and
    the US, and Claroty believes the group isnt exaggerating. The majority of the attacks happened late in 2023, although the researchers did spot new
    campaigns in mid-2024.

    Iran's state-sponsored threat actors are among the most active in the global cyber threat landscape, focusing on espionage, sabotage, and disinformation campaigns. Some of the most notable ones are APT33 (AKA Refined Kitten),
    APT34 (OilRig/Helix Kitten), MuddyWater (Static Kitten/Seedworm), and
    Charming Kitten (APT35/Phosphorus).

    Via BleepingComputer You might also like BlackByte ransomware returns with new tactics, targets VMware ESXi Here's a list of the best antivirus These
    are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/critical-infrastructure-being-hit-by-da ngerous-new-malware-routers-firewalls-and-fuel-systems-all-under-threat


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)