New Cyber Threat Against European Power Grids


A new IT security alert for electricians to take seriously: Mandiant experts say they have identified a new piece of malware, Cosmicenergy, which could be used to disrupt power grids in Asia, Europe and the Middle East.

Concretely, this malware would “operate power line switches and circuit breakers in order to cause an interruption of the power supply”, Mandiant explains. According to the specialists at this cybersecurity company, the malicious software reportedly has capabilities comparable to those of Industroyer, which according to the American justice system was developed by one of the units of Russian military intelligence, the GRU, and of Industroyer.v2.

Spotted on VirusTotal

The first was described at the time by the publisher ESET as the biggest threat to critical infrastructure since Stuxnet, while the second was discovered last year before it could be put into action against targets in Ukraine.

The good news is that Cosmicenergy was not discovered following an investigation into a computer attack. Mandiant spotted the malware in December 2021 after a sample was downloaded by a Russian Internet user on the VirusTotal platform, which, like Mandiant, is a Google subsidiary. No attack involving the malware has been detected, the company said.

A Red team tool?

For the American company, the malware could be a training tool intended for the teams in charge of the offensive side, the Red teams, for exercises carried out by the cybersecurity company Rostelecom-Solar, such as those carried out in 2021 with the Russian Ministry of Energy or in 2022 for the International Economic Forum in Saint Petersburg.

But Mandiant also points out that the malware may have been developed by another organization, based on a tool originally dedicated to exercises. Either way, this new malware “shows that the barriers to entry to develop offensive capabilities are decreasing,” warns the American company.




