Security researchers from Mandiant according to their findings CosmicEnergy malware, developed by a Russia-based information technology company, targets RTU devices that are used to manage various industrial systems in Asia, Europe and the Middle East.
First spotted on VirusTotal by a Russian IP address in December 2021, the malware also bears several similarities with the Industroyer and Industroyer V2 malicious campaigns targeting Ukraine.
The malware appears to have been developed by Russian cybersecurity company Rostelecom-Solar aka Solar Security, Mandiant said. As a result of the analysis, it was said that CosmicEnergy includes modules from a project called “Solar Polygon” and that the company received various funds from the Russian government to simulate power cuts.
Although the researchers said they could not pinpoint the exact source of the pest, they also underlined that these tools may have been specially developed by Rostelecom-Solar to conduct various well-intentioned security tests and cyber drills on energy grids.
However, it is also stated that attackers can carry out effective cyber attacks on various targets using tools that have become available on platforms such as VirusTotal and pose a serious threat to industrial systems.
Source: Technopat by www.technopat.net.
*The article has been translated based on the content of Technopat by www.technopat.net. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!
