Inside a New OT/IoT Cyberweapon: IOCONTROL
Dec. 11, 2024, 7:35 p.m.
Tags
External References
Description
Team82 analyzed a sample of IOCONTROL, a custom-built IoT/OT malware used by Iran-affiliated attackers to target Israel- and U.S.-based devices. The malware affects a range of IoT and SCADA/OT devices, including IP cameras, routers, PLCs, HMIs, and firewalls from multiple vendors. IOCONTROL is believed to be part of a global cyber operation against Western IoT and OT devices, likely used as a cyberweapon by a nation-state to attack civilian critical infrastructure. The malware uses the MQTT protocol for C2 communication and employs stealth techniques such as DNS over HTTPS. It has capabilities for arbitrary code execution, self-deletion, port scanning, and persistence through installation as a daemon.
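The description above gives defenders three kinds of network and host evidence to look for: the sample hash, the C2 IP address, and the C2 domains listed under Indicators. The following is an added example (editor's code, not part of the Team82 report or any Claroty tooling) that matches those published indicators against log lines. The log lines are constructed for the example; the regexes assume dnsmasq-style DNS query lines and iptables-style connection lines, which is an assumption about the reader's log formats, not something the report states.

```python
"""Match the IOCONTROL indicators published in the report against log lines.

Added example by the editor; not from the Team82 report. The sample log
lines below are constructed, and the DNS/connection line formats are an
assumption (dnsmasq-like "query[A] <name>" and iptables-like "DST=<ip>").
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators copied from the report's Indicators section.
IOC_SHA256 = {"1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498"}
IOC_IPS = {"159.100.6.69"}
IOC_DOMAINS = {"uuokhhfsdlk.tylarion867mino.com", "ocferda.com"}

HASH_RE = re.compile(r"\b[0-9a-f]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# dnsmasq-style query line: "query[A] host.example.com from 10.0.0.7"
DNS_RE = re.compile(r"query\[[A-Z]+\]\s+([A-Za-z0-9.-]+)")

# Constructed sample log lines (not from the report): two benign, three hits.
SAMPLE_LOG = [
    "Dec 11 19:20:01 gw dnsmasq[512]: query[A] www.example.com from 10.0.0.8",
    "Dec 11 19:20:01 gw dnsmasq[512]: query[A] uuokhhfsdlk.tylarion867mino.com from 10.0.0.7",
    "Dec 11 19:20:02 gw kernel: OUT=eth0 SRC=10.0.0.7 DST=159.100.6.69 PROTO=TCP",
    "Dec 11 19:20:02 gw kernel: OUT=eth0 SRC=10.0.0.8 DST=93.184.216.34 PROTO=TCP",
    "Dec 11 19:21:10 cam01 scanner: file=/tmp/s sha256="
    "1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498",
]


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based index into the scanned input
    ioc_type: str  # "sha256", "ipv4" or "domain"
    value: str     # the indicator that matched
    source: str    # the full log line


def domain_matches(qname: str) -> Optional[str]:
    """Return the indicator domain that qname equals or is a subdomain of.

    Trailing dots and case are normalised; a name that merely ends with the
    same characters (e.g. "notocferda.com") does not match.
    """
    q = qname.rstrip(".").lower()
    for d in IOC_DOMAINS:
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_lines(lines: List[str]) -> List[Hit]:
    """Scan log lines and return every indicator match, in input order."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        for h in HASH_RE.findall(line.lower()):
            if h in IOC_SHA256:
                hits.append(Hit(n, "sha256", h, line))
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                hits.append(Hit(n, "ipv4", ip, line))
        for qname in DNS_RE.findall(line):
            d = domain_matches(qname)
            if d is not None:
                hits.append(Hit(n, "domain", d, line))
    return hits


def summarize(hits: List[Hit]) -> dict:
    """Count hits per indicator type, e.g. {"domain": 1, "ipv4": 1}."""
    counts: dict = {}
    for h in hits:
        counts[h.ioc_type] = counts.get(h.ioc_type, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.ioc_type} {hit.value}")
    print(summarize(scan_lines(SAMPLE_LOG)))
```

Matching on subdomains of a listed domain is deliberate: a resolver log will often show the exact C2 hostname, but any child of a listed domain is worth a look, while a name that only shares a suffix string is not. Because the report notes DNS over HTTPS as a stealth technique, plain resolver logs may miss the lookup entirely; the IP and hash matches above do not depend on DNS visibility.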
Date
Published: Dec. 11, 2024, 7:19 p.m.
Created: Dec. 11, 2024, 7:19 p.m.
Modified: Dec. 11, 2024, 7:35 p.m.
Indicators
1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498
159.100.6.69
uuokhhfsdlk.tylarion867mino.com
ocferda.com
Attack Patterns
IOCONTROL
CyberAv3ngers
T1547.006
T1053.003
T1102.002
T1027.002
T1572
T1571
T1059.004
T1497
T1070.004
T1016
T1082
T1083
T1595
T1046
T1036
T1140
T1027
T1190
T1133
T1078
Additional Information
Energy
Government
Israel
United States of America