Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure

Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure

April 15, 2024 at 09:54AM

Cybersecurity firm Claroty analyzed Fuxnet, an ICS malware used by Ukrainian hackers in attacks on Russian infrastructure. Hacker group Blackjack allegedly caused damage and exfiltrated data, claiming to disable Russia’s industrial sensor infrastructure. Claroty confirmed Fuxnet targeted 500 sensor gateways in Moscow, attempting physical destruction but likely not harmful to the actual sensors.

Based on the meeting notes, it is clear that the cybersecurity firm Claroty has conducted an analysis of the Fuxnet malware based on information and code made available by the hacker group Blackjack. The analysis revealed that the actual sensors deployed by the Moscow-based company Moscollector were likely not impacted by Fuxnet. Instead, the malware targeted roughly 500 sensor gateways, which communicate with the sensors over a serial bus, causing damage that may require extensive repairs. Additionally, Claroty’s analysis demonstrated that Fuxnet was likely deployed remotely and caused significant destruction by deleting important files, disrupting sensors, and rendering the sensor data acquisition useless.

Claroty’s findings suggest that the hackers’ claim of compromising 87,000 devices was inaccurate, as it appears they only managed to infect the sensor gateways and were attempting to cause further disruption. Consequently, it seems that only the sensor gateways were affected and not the end-sensors. This has serious implications for the company’s infrastructure and operations, as significant repairs may be required to address the damage caused by the Fuxnet malware.

Full Article