WisePlant – A WiseGroup Company

ICS malware FrostyGoop takes advantage of Modbus weakness, remains a threat to OT worldwide.

In January 2024, a cyberattack using Russian-linked malware named FrostyGoop disrupted heating for over 600 apartment buildings in Lviv, Ukraine, during sub-zero temperatures. The attack targeted the district heating company Lvivteploenergo, affecting over 100,000 residents.

Key points:

  • FrostyGoop Malware: This is the ninth known malware built specifically to target ICS, and the first to use Modbus communications to attack OT environments.
  • Technical Details: Written in Golang, it interacts with ICS devices using Modbus TCP over port 502.
  • Ukraine Attack: Hackers used Modbus commands to cause inaccurate measurements and system malfunctions.
  • Attack Method: The attackers exploited a vulnerability in a MikroTik router to gain access to the network, deployed a webshell, and used L2TP connections from Moscow-based IP addresses.
  • Security Recommendations: Implementing SANS 5 Critical Controls for OT Cybersecurity is advised to protect against such attacks.
  • Detection and Risk: Antivirus software does not currently detect FrostyGoop, and it poses significant risk to ICS devices exposed to the public internet.

The FrostyGoop malware attack in Ukraine was a significant incident that occurred in January 2024. Hackers used this malware to disrupt the heating services of over 600 apartment buildings in Lviv, Ukraine, during sub-zero temperatures. The attack lasted for two days, leaving many residents without heat during the harsh winter conditions.

The malware leveraged Modbus TCP communications to interact with the industrial control systems (ICS) of the district energy company. By sending Modbus commands to ENCO controllers, the attackers caused inaccurate measurements and system malfunctions, effectively shutting down the heating services.
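Because Modbus has no authentication, a controller will act on any well-formed write request that reaches port 502; the practical defence is to watch who is issuing writes. The following is an added example, not code from the original article or from any vendor's product: a small Python parser for the Modbus TCP MBAP header that flags write function codes (5, 6, 15, 16) coming from any source not on an allowlist of authorised writers. The sample frames, the IP addresses and the allowlist are constructed for illustration and do not come from the Lviv incident.

```python
import struct
from dataclasses import dataclass

# Function codes from the public Modbus application protocol specification.
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}
MODBUS_TCP_PORT = 502


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    pdu: bytes  # bytes following the function code


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the function code of one Modbus TCP request."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, uid = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"not Modbus: protocol id {proto}")
    # The MBAP length field counts the unit id and the PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, uid, frame[7], frame[8:])


def describe_write(req: ModbusRequest) -> str:
    """Summarise the target of a write request for the alert text."""
    fc, pdu = req.function_code, req.pdu
    if fc in (5, 6) and len(pdu) >= 4:
        addr, value = struct.unpack(">HH", pdu[:4])
        return f"{FUNCTION_NAMES[fc]} addr={addr} value=0x{value:04x}"
    if fc in (15, 16) and len(pdu) >= 4:
        start, qty = struct.unpack(">HH", pdu[:4])
        return f"{FUNCTION_NAMES[fc]} start={start} quantity={qty}"
    return FUNCTION_NAMES.get(fc, f"function {fc}")


def audit_modbus(events, allowed_writers):
    """Return an alert for every write request whose source is not an authorised writer.

    events: iterable of (src_ip, dst_port, frame_bytes) as a network sensor would hand them over
    allowed_writers: set of IPs permitted to write (e.g. the SCADA server or HMI)
    """
    alerts = []
    for src_ip, dst_port, frame in events:
        if dst_port != MODBUS_TCP_PORT:
            continue
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append({"src_ip": src_ip, "reason": f"malformed frame: {err}"})
            continue
        if req.function_code in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            alerts.append({
                "src_ip": src_ip,
                "unit_id": req.unit_id,
                "function_code": req.function_code,
                "reason": "write from unauthorised source: " + describe_write(req),
            })
    return alerts


# Constructed sample traffic (not a real capture): the SCADA host 10.0.0.5 reads ten
# holding registers and writes one register, then an unexpected host writes two registers.
ALLOWED_WRITERS = {"10.0.0.5"}
SAMPLE_EVENTS = [
    ("10.0.0.5", 502, bytes.fromhex("00010000000601030000000a")),            # FC 3, read
    ("10.0.0.5", 502, bytes.fromhex("000200000006010600640001")),            # FC 6, allowed write
    ("192.0.2.77", 502, bytes.fromhex("00030000000b0110006400020400000000")),  # FC 16, unexpected
]

if __name__ == "__main__":
    for alert in audit_modbus(SAMPLE_EVENTS, ALLOWED_WRITERS):
        print(alert)
```

Reads are deliberately left alone so the rule stays quiet under normal polling; in a real deployment the allowlist would be derived from the engineering documentation for the Modbus masters, and a malformed-frame alert is worth keeping because it catches both scanner noise and broken tooling.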

This incident highlights the risk to ICS devices, especially those exposed to the public internet. FrostyGoop is particularly concerning because the same Modbus capability can be repurposed against other industrial controllers, posing a threat to critical infrastructure worldwide.

Reference: Here

About the author: Kevin Harrys
