Secure Industrial Control Systems from CosmicEnergy and Similar Malware
CosmicEnergy malware, aimed at industrial control systems (ICS), poses no immediate threat to operational technology (OT), but caution is advised
Designed to interact with ICS devices in electric transmission, it can tamper with power line switches and circuit breakers
Linked to Russian threat actors, particularly targeting remote terminal units (RTUs) in Europe, the Middle East, and parts of Asia
Consists of two main components: LightWork for modifying RTU state and PieHop for uploading files and issuing commands
Not as advanced as other ICS malware like Industroyer, suggesting it may have been created for training purposes
No evidence of the malware being deployed in the wild; may have been developed by a contractor at Rostelecom-Solar or based on their code.
Coding errors in PieHop prevented proper execution; LightWork lacks maturity and requires further development for full-fledged attacks.