1. Forum
  2. FidoNet
  3. POLITICS

  • Critical infrastructure b

    From Mike Powell@1:2320/105 to All on Sat Dec 14 09:27:00 2024
    Critical infrastructure being hit by dangerous new malware - routers,
    firewalls and fuel systems all under threat

    Date:
    Fri, 13 Dec 2024 15:06:27 +0000

    Description:
    Iranian hackers emerge with a new piece of malware, and they're going after
    gas stations and other critical infrastructure.

    FULL STORY

    American and Israeli critical infrastructure is being targeted by a dangerous new piece of malware , and the culprits seem to be Iranian.

    Cybersecurity researchers Claroty obtained a sample of the malware, called IOCONTROL, from a compromised industrial system, and analyzed it.

    An Iranian state-sponsored group known as CyberAv3ngers is suspected of
    having built and deployed IOCONTROL - and while it is not known by which methods the hackers managed to infect their victims with IOCONTROL, the
    targets seem to be Internet of Things (IoT) devices and OT/SCADA systems used in critical infrastructure organizations in above-mentioned countries.

    Modular malware

    The devices mostly targeted are routers, programmable logic controllers
    (PLC), human-machine interfaces (HMI), IP cameras, firewalls, and fuel management systems. In fact, it was a Gasboy fuel management system - the device's payment terminal (OrPT) - from which a sample was extracted to begin with.

    Claroty says the malware is modular, and can be used for data exfiltration,
    and possibly even service disruption. Some of the commands supported include exfiltrating detailed system information, running arbitrary OS commands, and scanning specified IP ranges and ports for other potential targets. The
    malware can apparently control pumps, payment terminals, and other
    peripherals.

    IOCONTROL can be installed on D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics gear, it was added.

    While the exact number of victims isnt known, CyberAv3ngers told their followers on Telegram that they compromised 200 gas stations in Israel and
    the US, and Claroty believes the group isnt exaggerating. The majority of the attacks happened late in 2023, although the researchers did spot new
    campaigns in mid-2024.

    Iran's state-sponsored threat actors are among the most active in the global cyber threat landscape, focusing on espionage, sabotage, and disinformation campaigns. Some of the most notable ones are APT33 (AKA Refined Kitten),
    APT34 (OilRig/Helix Kitten), MuddyWater (Static Kitten/Seedworm), and
    Charming Kitten (APT35/Phosphorus).

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/critical-infrastructure-being-hit-by-da ngerous-new-malware-routers-firewalls-and-fuel-systems-all-under-threat

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)