New OT Malware designed to cause electric power disruption
A new malware family called CosmicEnergy has been discovered that targets the operational technology (OT) sector. According to the reports, the malware is designed to cause electric power disruption by issuing commands over the IEC 60870-5-104 (IEC-104) protocol, which is commonly used in electric transmission and distribution operations in Europe, the Middle East, and Asia.
Background
CosmicEnergy is similar in capability to the earlier OT malware families Industroyer and Industroyer 2.0: all three aim to cause electric power disruption by targeting devices commonly used in electric transmission and distribution operations. According to the reports, CosmicEnergy is possibly associated with Russian government-funded power disruption and emergency response exercises.
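The only technical detail the alert gives is the protocol involved, so here is an added example (written for this page, not code from FortiGuard or Mandiant, and not CosmicEnergy itself) of what a network defender can do with that detail: a minimal IEC-104 APDU decoder that flags control-direction commands (the single and double commands used to open or close breakers) sent by any host that is not an allowlisted SCADA master. The frame layout follows the public IEC 60870-5-104 standard; the sample byte stream, the IP addresses and the allowlist are constructed and hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

START_BYTE = 0x68
COT_ACTIVATION = 6  # cause of transmission "activation" (a command being issued)

# Control-direction type identifications (commands) defined in IEC 60870-5-101/104.
# The time-tagged variants (58-64) are the same commands with a CP56Time2a suffix.
_BASE_COMMANDS: Dict[int, str] = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step command",
    48: "C_SE_NA_1 set-point (normalized)",
    49: "C_SE_NB_1 set-point (scaled)",
    50: "C_SE_NC_1 set-point (float)",
    51: "C_BO_NA_1 bitstring command",
}
COMMAND_TYPES: Dict[int, str] = dict(_BASE_COMMANDS)
COMMAND_TYPES.update({t + 13: n + " (time-tagged)" for t, n in _BASE_COMMANDS.items()})


@dataclass
class Apdu:
    frame_type: str                  # "I" (data), "S" (supervisory) or "U" (control)
    type_id: Optional[int] = None    # ASDU type identification (I-frames only)
    cot: Optional[int] = None        # cause of transmission, low 6 bits
    common_addr: Optional[int] = None
    ioa: Optional[int] = None        # address of the first information object
    qualifier: Optional[int] = None  # first byte of the first information element


def parse_apdus(stream: bytes) -> List[Apdu]:
    """Split a TCP payload into APDUs and decode the ASDU header of each I-frame."""
    out: List[Apdu] = []
    pos = 0
    while pos < len(stream):
        if pos + 2 > len(stream) or stream[pos] != START_BYTE:
            raise ValueError(f"bad or missing start byte at offset {pos}")
        length = stream[pos + 1]                  # number of bytes after the length byte
        body = stream[pos + 2:pos + 2 + length]
        if length < 4 or len(body) != length:
            raise ValueError(f"truncated APDU at offset {pos}")
        pos += 2 + length
        ctrl0 = body[0]                           # first of four control-field bytes
        if ctrl0 & 0x01 == 0:
            frame_type = "I"
        elif ctrl0 & 0x03 == 0x01:
            frame_type = "S"
        else:
            frame_type = "U"
        apdu = Apdu(frame_type)
        asdu = body[4:]
        if frame_type == "I" and len(asdu) >= 9:  # 6-byte ASDU header + 3-byte IOA
            apdu.type_id = asdu[0]
            apdu.cot = asdu[2] & 0x3F             # strip the P/N and test bits
            apdu.common_addr = asdu[4] | (asdu[5] << 8)
            apdu.ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
            if len(asdu) > 9:
                apdu.qualifier = asdu[9]
        out.append(apdu)
    return out


def describe_command(a: Apdu) -> str:
    """Readable state for single/double commands; generic text for the other types."""
    name = COMMAND_TYPES.get(a.type_id, f"type {a.type_id}")
    if a.qualifier is None:
        return name
    se = "select" if a.qualifier & 0x80 else "execute"   # S/E bit of SCO/DCO
    if a.type_id in (45, 58):
        state = "ON" if a.qualifier & 0x01 else "OFF"     # SCS bit
    elif a.type_id in (46, 59):
        state = {1: "OFF", 2: "ON"}.get(a.qualifier & 0x03, "invalid")  # DCS bits
    else:
        return f"{name} ({se})"
    return f"{name} {state} ({se})"


def flag_control_commands(src_ip: str, stream: bytes, trusted_masters: Set[str]) -> List[str]:
    """One alert per activation command sent by a host that is not an allowlisted master."""
    alerts: List[str] = []
    for a in parse_apdus(stream):
        if a.frame_type != "I" or a.type_id not in COMMAND_TYPES or a.cot != COT_ACTIVATION:
            continue
        if src_ip in trusted_masters:
            continue
        alerts.append(f"{src_ip}: {describe_command(a)} to CA={a.common_addr} IOA={a.ioa}")
    return alerts


# Constructed sample traffic (hypothetical): STARTDT act, a spontaneous single-point
# indication, then two activation commands of the kind used to trip breakers.
SAMPLE_STREAM = bytes.fromhex(
    "68 04 07 00 00 00"                                  # U-frame STARTDT act
    "68 0E 02 00 00 00 01 01 03 00 01 00 01 00 00 01"    # I-frame M_SP_NA_1, spontaneous
    "68 0E 00 00 00 00 2D 01 06 00 01 00 01 00 00 01"    # I-frame C_SC_NA_1 ON, execute
    "68 0E 04 00 00 00 2E 01 06 00 01 00 02 00 00 01"    # I-frame C_DC_NA_1 OFF, execute
)
TRUSTED_MASTERS = {"10.0.1.10"}  # hypothetical SCADA master allowed to issue commands

if __name__ == "__main__":
    for line in flag_control_commands("10.0.9.77", SAMPLE_STREAM, TRUSTED_MASTERS):
        print("ALERT", line)
```

The rule is deliberately simple: any activation command from outside the allowlist is reported, regardless of whether it is a select or an execute, because in most substations the set of hosts that may command an RTU is small and static. Running it over the sample stream from the untrusted address produces two alerts (the single command ON and the double command OFF); from the allowlisted master it produces none.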
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
May 25, 2023: Mandiant released a blog on CosmicEnergy Malware.
https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response
May 25, 2023: FortiGuard Labs released a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5171/
FortiGuard Labs has released antivirus signatures for the known samples, and its behavior-based detection engine is intended to catch unknown and zero-day variants. FortiGuard Labs recommends that organizations review their OT/ICS security posture and always follow best practices for Operational Technology (OT) security.
https://www.fortinet.com/resources/cyberglossary/ot-security-best-practices
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- AV
- AV (Pre-filter)
- Behavior Detection
- IOC
- Outbreak Detection
- Threat Hunting
- Content Update
- Assisted Response Services
- Automated Response
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.