ICS Threat Analysis: New Malware Can Kill Engineering Processes
Dec. 18, 2024, 3:07 p.m.
Tags
External References
Description
An analysis of a public malware repository reveals a persistent presence of OT/ICS malware, with engineering workstations being a significant target. Two notable clusters were identified: Mitsubishi engineering workstation software infected with the Ramnit worm, and a new experimental malware named Chaya_003 capable of terminating Siemens engineering processes. The research highlights the evolving threat landscape in OT/ICS environments, emphasizing the need for enhanced security measures. Recommendations include hardening engineering workstations, proper network segmentation, and implementing comprehensive threat monitoring solutions across both IT and OT systems.
Date
Published: Dec. 18, 2024, 2:43 p.m.
Created: Dec. 18, 2024, 2:43 p.m.
Modified: Dec. 18, 2024, 3:07 p.m.
Indicators
fd8558b8a4165ebb47f120fa237c2ada306c430ae4cb2109eb644fd8b0b82b15
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
c1826e0d310a6a02f2ee1b5d88b6c0dd48baa8fe1dd99447e98e42c4ca023c96
b16a67f49ce5aa057236d2bff3e1ab2dcc2c6d3f2551e4520f54e125b2e289d8
ad5922bcc740e5761a708c526d023450ca278168ebcefaaf80f85815d6d6d24e
a1d721db0583eed0077bb8ab542ff15a806d24e2dbf13557b12842bd49995354
9579c6987ac8969d0b0cc0cc2a9da3b034fac41525d96fa79fa02d05813e70f9
8b585155cdc7fcbe3d2fa169b307756557ef0d69afb392726f577a73f11d5a97
703f0aac78d388f1fbe3800697015d092fa70cea2c01f22f456c8b1aa20a2334
69eb2b940ba1fc7bc46699eeb3ff11d921683609f636efae05c0cb796b588a38
5ec05f903cc94d559b8eb23aa749805b78de2845bd2317017bc8e50cdceb613f
5b63ca75f95dc549729bb6261e9dc22f6425547584366188770507bd964221b4
517e35b32c4a1dedb155bbd208422cd5c5d34b5ec378712b7e8182fd26473c7e
1f1035b91db1264eb94aa055cdb50f35f0c27744e77e74b7031e099b112a5837
1b8957804dfa7324d10bf6d7ca22fc038951ab57ab1e6838da9c63ad057c1d20
x86assembly.xyz
grpaper.com
az-security.info
432i.com
0g0d.com
Attack Patterns
Chaya_003
Ramnit
T1489
T1518
T1082
T1057
T1071
T1102
T1204
T1553
T1059
Additional Informations
Energy
Manufacturing
Belgium
Canada
United Kingdom of Great Britain and Northern Ireland
United States of America