Cybersecurity researchers at Mandiant recently spotted a new malware that targets operational technology (OT) and industrial control system (ICS) software. They fear it could cause electric power disruption in Europe, the Middle East and Asia, because it interacts with devices such as remote terminal units (RTUs) that are used in transmission and distribution operations.
They identified a comment in the code indicating an association with Solar Polygon, which leads them to believe it was developed by either Rostelecom-Solar or an associated party for the purpose of attacking energy grid assets. However, at this time they do not have enough conclusive evidence to confirm a Russian link.
“It is possible that the malware was used to support exercises such as the ones hosted by Rostelecom-Solar in 2021 in collaboration with the Russian Ministry of Energy or in 2022 for the St. Petersburg’s International Economic Forum (SPIEF),” the report noted.
The capabilities of this new malware are not significantly different from those of previous malware families, but its discovery highlights the continued development of the OT malware threat landscape.
Mandiant is an American cybersecurity firm and a subsidiary of Google. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage.