Electric Grid Cybersecurity Alliance

Uniting the World's Utility Leaders to Protect Electric Grids from Cyberattack

06/03/2023

Urgent post for our electric power friends... A new strain of malware out of Russia called CosmicEnergy poses a direct threat to the safety of electric grids. Utility leaders should take note and take action to mitigate the threat.

HOW TO DEFEND YOUR UTILITY

The Electric Grid Cybersecurity Alliance (EGCA) will be doing a deep dive webinar and whitepaper on this new threat. If you'd like to participate, or just want advice, feel free to send me a direct message or comment below.

WHAT'S THE THREAT?

This new malware lets hackers control your power line switches and circuit breakers, turning them on and off at will. That ability would enable significant service disruption and could potentially cause physical damage to essential grid assets.

Mandiant/Google calls it “a plausible threat to affected electric grid assets”. They're right.

HOW DOES IT WORK?

Google's subsidiary, Mandiant, first discovered and analyzed the CosmicEnergy malware. It is specifically designed to target industrial control systems (ICS) in order to cause electric grid disruption.

CosmicEnergy does this by targeting operational technology that interacts with IEC 60870-5-104 (IEC-104) devices. It sends remote commands via RTUs that can control the switches and breakers. If you remember Industroyer, Industroyer2, Triton, and Incontroller, this is the next off the assembly line.

Good news: CosmicEnergy is not capable of carrying out an attack on its own without someone manually collecting IP addresses and user credentials.

Bad news: there are widespread suspicions that nation-state linked hackers have been doing exactly that for the past several years.
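For defenders who want to watch for the IEC-104 switching commands described above, here is an added detection sketch (not code from EGCA or Mandiant). It parses IEC-104 frames from a captured TCP payload and flags switch and breaker commands sent by any host that is not an authorised control master. The allowlisted address, the sample bytes and the function names are assumptions made for illustration; the type IDs and frame layout come from the IEC 60870-5-104 standard.

```python
import struct

# Type IDs of IEC 60870-5-104 switching commands (control direction).
COMMAND_TYPES = {45: "C_SC_NA_1 single command", 46: "C_DC_NA_1 double command",
                 58: "C_SC_TA_1 single command (time-tagged)",
                 59: "C_DC_TA_1 double command (time-tagged)"}
ACTIVATION = 6                    # cause of transmission: activation
ALLOWED_MASTERS = {"10.20.0.5"}   # assumption: the authorised SCADA front end

# Constructed sample TCP payload: STARTDT act (U-frame), then an I-frame
# carrying a single command, execute, ON, common address 1, IOA 1001.
SAMPLE = bytes.fromhex("680407000000" "680e000000002d0106000100e9030001")


def parse_apdus(payload):
    """Yield (type_id, cause, common_addr, ioa, qualifier) per I-format APDU."""
    pos = 0
    while pos + 2 <= len(payload):
        if payload[pos] != 0x68:
            raise ValueError(f"bad start byte at offset {pos}")
        length = payload[pos + 1]
        apdu = payload[pos + 2:pos + 2 + length]
        if length < 4 or len(apdu) < length:
            raise ValueError(f"truncated APDU at offset {pos}")
        pos += 2 + length
        if apdu[0] & 0x01:        # S- or U-format frame, carries no ASDU
            continue
        asdu = apdu[4:]
        if len(asdu) < 10:        # type, VSQ, COT(2), CA(2), IOA(3), qualifier
            continue
        type_id, _vsq, cot, _orig, common_addr = struct.unpack_from("<BBBBH", asdu)
        ioa = int.from_bytes(asdu[6:9], "little")
        yield type_id, cot & 0x3F, common_addr, ioa, asdu[9]


def switching_alerts(src_ip, payload):
    """Describe each switching command sent by a host outside the allowlist."""
    alerts = []
    for type_id, cause, common_addr, ioa, qualifier in parse_apdus(payload):
        if (type_id in COMMAND_TYPES and cause == ACTIVATION
                and src_ip not in ALLOWED_MASTERS):
            phase = "select" if qualifier & 0x80 else "execute"
            alerts.append(f"{src_ip}: {COMMAND_TYPES[type_id]} {phase} "
                          f"CA={common_addr} IOA={ioa}")
    return alerts


if __name__ == "__main__":
    print(switching_alerts("10.20.0.77", SAMPLE))
```

In practice the payloads would come from a network tap or sensor on the segment between the control centre and the RTUs, and the allowlist from the utility's own asset inventory.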

WHO IS AT RISK?

The risk is higher for utilities in Europe, the Middle East, and Asia. But all utilities, including in the United States, should take note.

Once again, the Electric Grid Cybersecurity Alliance (EGCA) will be doing a deep dive webinar and whitepaper on this new threat. If you'd like to participate, or just want advice, feel free to send me a direct message or comment below.

Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption.

Address

98 San Jacinto Boulevard, Suite 400
Austin, TX
78701
