July 23, 2024 at 07:42AM
Researchers have identified a new ICS-focused malware, FrostyGoop, which targets industrial control systems using Modbus TCP to disrupt operational technology networks. It was used in a cyber attack on an energy company in Lviv, Ukraine, causing a 48-hour loss of heating services to over 600 apartment buildings. The incident highlights the serious threat to critical infrastructure.
A significant cybersecurity incident has involved the discovery of new Industrial Control Systems (ICS)-focused malware called FrostyGoop. The malware targets operational technology (OT) networks, using Modbus TCP communications to interact directly with ICS devices over port 502.
The incident occurred at a Ukrainian energy company in Lviv, where a disruptive cyber attack led to a loss of heating services to more than 600 apartment buildings for almost 48 hours. The adversaries behind FrostyGoop accessed the system by exploiting a vulnerability in MikroTik routers in April 2023, and then sent Modbus commands to ENCO controllers, causing inaccurate measurements and system malfunctions.
The malware’s ability to read and modify data on ICS devices using Modbus TCP over port 502 poses a serious threat to critical infrastructure across multiple sectors. It has been emphasized that organizations must prioritize the implementation of comprehensive cybersecurity frameworks to safeguard critical infrastructure from similar threats in the future.
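For defenders monitoring port 502, the following added example (not code from the researchers or from the malware) parses Modbus TCP request headers and flags write-class function codes sent by hosts outside an allowlist. The function-code table comes from the public Modbus specification; the IP addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct

# Modbus function codes that change device state (public Modbus specification).
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
MODBUS_PORT = 502


def parse_modbus_request(payload: bytes):
    """Parse MBAP header + function code; return None if the frame is malformed."""
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return None
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    # Protocol id is always 0; length counts the unit id plus the PDU bytes.
    if proto != 0 or length < 2 or length != len(payload) - 6:
        return None
    info = {"transaction": tid, "unit": unit, "function": func}
    if func in (5, 6, 15, 16) and len(payload) >= 10:
        # These requests carry the target coil/register address first.
        info["address"] = struct.unpack(">H", payload[8:10])[0]
    return info


def flag_unexpected_writes(flows, allowed_writers):
    """Return alerts for Modbus writes sent by hosts outside the allowlist."""
    alerts = []
    for src, dst, dport, payload in flows:
        if dport != MODBUS_PORT:
            continue
        req = parse_modbus_request(payload)
        if req and req["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append((src, dst, WRITE_FUNCTIONS[req["function"]], req.get("address")))
    return alerts


# Constructed sample traffic using documentation address ranges (not incident data).
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.50", 502, bytes.fromhex("000100000006010300000002")),
    ("192.0.2.10", "192.0.2.50", 502, bytes.fromhex("000200000006010600100064")),
    ("198.51.100.7", "192.0.2.50", 502, bytes.fromhex("00030000000601060010ffff")),
    ("198.51.100.7", "192.0.2.50", 502, bytes.fromhex("000400000006010300000002")),
]
ALLOWED_WRITERS = {"192.0.2.10"}  # hypothetical HMI / engineering workstation

if __name__ == "__main__":
    for alert in flag_unexpected_writes(SAMPLE_FLOWS, ALLOWED_WRITERS):
        print("ALERT", alert)
```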
This incident underscores the importance of cybersecurity measures for the protection of critical infrastructure and public safety. It is imperative for organizations to stay vigilant and take proactive steps to mitigate the risks posed by ICS-focused malware.