A new malware called IOCONTROL affects Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in the US and Israel.
Unfortunately, cyber attacks on critical infrastructure are no longer uncommon. State-sponsored hacker groups target foreign targets in order to either obtain information or to disrupt processes in important parts of the provision of supplies to the civilian population. Security researchers from Claroty's Team82 have now discovered a new malware that specifically attacks Internet of Things (IoT) devices and OT/SCADA systems used in parts of the critical infrastructure in Israel and the USA.
The attacked devices include routers and IP cameras as well as programmable logic controllers, human-machine interfaces, firewalls and fuel management systems. The malware has a modular structure, which means it can compromise many different devices from different manufacturers. For example, D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika and Unitronics are affected.
Israeli and American systems
The attackers are currently focusing on all Russian and American systems such as Orpak and Gasboy, which are apparently part of the Iranian hacker group CyberAv3ngers, which has already attacked industrial systems in the past. According to OpenAI, the group also uses ChatGPT to crack PLCs, develop custom Bash and Python exploit scripts, and for post-compromise activity planning.
Claroty security researchers managed to extract a sample of the malware from a Gasboy fuel management system, where it was hidden in the payment terminal. In these devices, IOCONTROL can control both the pumps and the payment terminals and other peripheral systems, which could lead to malfunctions or data theft.
It is still unclear how the malware was introduced into these systems, but the hackers stated via the messenger Telegram that they should have already owned around 200 gas stations in Israel and the USA, which is consistent with the findings of the security researchers from Claroty covers.
The malware is currently not detected by any of the 66 VirusTotal antivirus engines. Together with the previously unknown infection route of malware, this represents a major challenge for those responsible for security and shows that malware poses a serious threat as a weapon in cyber warfare.
(lb/8com)
