TIP: Click on subject to list as thread! ANSI
echo: politics
to: All
from: Mike Powell
date: 2024-12-14 09:27:00
subject: Critical infrastructure b
Critical infrastructure being hit by dangerous new malware - routers,
firewalls and fuel systems all under threat

Date:
Fri, 13 Dec 2024 15:06:27 +0000

Description:
Iranian hackers emerge with a new piece of malware, and they're going after
gas stations and other critical infrastructure.

FULL STORY

American and Israeli critical infrastructure is being targeted by a dangerous
new piece of malware , and the culprits seem to be Iranian. 

Cybersecurity researchers Claroty obtained a sample of the malware, called
IOCONTROL, from a compromised industrial system, and analyzed it. 

An Iranian state-sponsored group known as CyberAv3ngers is suspected of 
having built and deployed IOCONTROL - and while it is not known by which
methods the hackers managed to infect their victims with IOCONTROL, the
targets seem to be Internet of Things (IoT) devices and OT/SCADA systems used
in critical infrastructure organizations in above-mentioned countries. 

Modular malware 

The devices mostly targeted are routers, programmable logic controllers 
(PLC), human-machine interfaces (HMI), IP cameras, firewalls, and fuel
management systems. In fact, it was a Gasboy fuel management system - the
device's payment terminal (OrPT) - from which a sample was extracted to begin
with. 

Claroty says the malware is modular, and can be used for data exfiltration,
and possibly even service disruption. Some of the commands supported include
exfiltrating detailed system information, running arbitrary OS commands, and
scanning specified IP ranges and ports for other potential targets. The
malware can apparently control pumps, payment terminals, and other
peripherals. 

IOCONTROL can be installed on D-Link, Hikvision, Baicells, Red Lion, Orpak,
Phoenix Contact, Teltonika, and Unitronics gear, it was added. 

While the exact number of victims isnt known, CyberAv3ngers told their
followers on Telegram that they compromised 200 gas stations in Israel and 
the US, and Claroty believes the group isnt exaggerating. The majority of the
attacks happened late in 2023, although the researchers did spot new 
campaigns in mid-2024. 

Iran's state-sponsored threat actors are among the most active in the global
cyber threat landscape, focusing on espionage, sabotage, and disinformation
campaigns. Some of the most notable ones are APT33 (AKA Refined Kitten), 
APT34 (OilRig/Helix Kitten), MuddyWater (Static Kitten/Seedworm), and 
Charming Kitten (APT35/Phosphorus). 

 Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/critical-infrastructure-being-hit-by-da
ngerous-new-malware-routers-firewalls-and-fuel-systems-all-under-threat

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SOURCE: echomail via QWK@pharcyde.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.