CosmicEnergy Malware

Released: Jun 01, 2023


Severity: High

Type: Malware, OT/ICS


New OT Malware designed to cause electric power disruption

A new malware family called CosmicEnergy has been discovered that targets the operational technology (OT) sector. According to the reports, the malware is designed to cause electric power disruption by abusing the IEC 60870-5-104 (IEC-104) protocol, which is commonly used in electric transmission and distribution operations in Europe, the Middle East, and Asia.

Background

CosmicEnergy is similar in its capabilities to the earlier OT malware families Industroyer and Industroyer 2.0: all of them aim to cause electric power disruption by targeting devices commonly used in electric transmission and distribution operations. According to the reports, CosmicEnergy is possibly associated with Russian government-funded power disruption and emergency response exercises.
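Since the disruption described above is carried out over IEC-104, a practical hunting check is to decode IEC-104 traffic at the control-centre boundary and surface process-control commands (the ASDU types used to switch equipment) so they can be compared against expected operator activity. The following is an added example for this page, not code from Mandiant or FortiGuard: a minimal IEC-104 APDU parser with a detector for activated control commands, run over three constructed frames (a STARTDT, a general interrogation, and a single ON command).

```python
# Added example: minimal IEC 60870-5-104 (IEC-104) APDU parser plus a hunt for
# process-control commands. Frames below are constructed for this example and
# are not captures from CosmicEnergy or any real site. Assumes the standard
# IEC-104 field sizes (2-byte COT, 2-byte common address, 3-byte IOA).
import struct

# Process-command type IDs: C_SC_NA_1..C_BO_NA_1 (45-51) and their time-tagged forms (58-64).
CONTROL_TYPE_IDS = set(range(45, 52)) | set(range(58, 65))
COT_ACTIVATION = 6  # cause of transmission "activation" (a command being issued)

def parse_apdu(data: bytes) -> dict:
    """Parse one IEC-104 APDU (APCI + optional ASDU)."""
    if len(data) < 6 or data[0] != 0x68 or data[1] != len(data) - 2:
        raise ValueError("not a well-formed IEC-104 APDU")
    c1, c2, c3, c4 = data[2:6]
    if c1 & 0x01 == 0:                       # I-format: carries an ASDU
        apdu = {"format": "I", "tx": (c1 >> 1) | (c2 << 7), "rx": (c3 >> 1) | (c4 << 7)}
        asdu = data[6:]
        if len(asdu) < 6:
            raise ValueError("truncated ASDU")
        type_id, vsq, cot_lo, orig, ca = struct.unpack("<BBBBH", asdu[:6])
        apdu.update(type_id=type_id, count=vsq & 0x7F, sq=bool(vsq & 0x80),
                    cot=cot_lo & 0x3F, negative=bool(cot_lo & 0x40), originator=orig, ca=ca)
        if len(asdu) >= 9:                   # first information object address, 24-bit little-endian
            apdu["ioa"] = int.from_bytes(asdu[6:9], "little")
            apdu["element"] = asdu[9:]       # information element(s), e.g. SCO for a single command
        return apdu
    if c1 & 0x03 == 0x01:                    # S-format: receive-sequence acknowledgement only
        return {"format": "S", "rx": (c3 >> 1) | (c4 << 7)}
    return {"format": "U", "function": c1}   # U-format: STARTDT / STOPDT / TESTFR

def flag_control_commands(frames):
    """Return (index, type_id, ioa, element_hex) for each activated process command."""
    hits = []
    for i, raw in enumerate(frames):
        a = parse_apdu(raw)
        if a["format"] == "I" and a["type_id"] in CONTROL_TYPE_IDS and a["cot"] == COT_ACTIVATION:
            hits.append((i, a["type_id"], a["ioa"], a["element"].hex()))
    return hits

# Constructed session: STARTDT act, general interrogation (type 100, COT 6),
# then a single command C_SC_NA_1 (type 45) with SCO 0x01 (ON, execute) on IOA 4097.
SAMPLE_FRAMES = [
    bytes.fromhex("680407000000"),
    bytes.fromhex("680e0000000064010600010000000014"),
    bytes.fromhex("680e020000002d0106000100011000" "01"),
]

if __name__ == "__main__":
    print(flag_control_commands(SAMPLE_FRAMES))   # [(2, 45, 4097, '01')]
```

The interrogation is deliberately not flagged: only commands that change process state are of interest, and a real deployment would further filter on source address and change-control windows.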

Latest Development



May 25, 2023: Mandiant released a blog on CosmicEnergy Malware.
https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response


May 25, 2023: FortiGuard Labs released a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5171/

FortiGuard Labs has released antivirus signatures for the known malware and provides a behaviour-based detection engine service to detect other unknown and 0-day malware. FortiGuard Labs recommends that organizations review their OT/ICS security posture and always follow best practices for Operational Technology (OT) security.
https://www.fortinet.com/resources/cyberglossary/ot-security-best-practices

FortiGuard Cybersecurity Framework



PROTECT
  • Lure
  • Decoy VM
  • AV
  • AV (Pre-filter)
  • Behavior Detection

DETECT
  • IOC
  • Outbreak Detection
  • Threat Hunting
  • Content Update

RESPOND
  • Assisted Response Services
  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)
