BlackEnergy*: More than power in a can, Mike Tyson* in an ICS APT!

Posted by: Maxime de Jabrun || 12 December 2014 at 15:52

BlackEnergy malware compromises ICS connected to the Internet

Last month, ICS-CERT published an alert about an Advanced Persistent Threat (APT) that was using the BlackEnergy malware to compromise Industrial Control Systems environments. It targeted human-machine interfaces connected to the Internet and used various vulnerabilities to infect the systems. Different products have been targeted, including GE Cimplicity, Siemens WinCC and Advantech/Broadwin WebAccess. It looks like GE Cimplicity was the first product infected by the malware, through the vulnerability CVE-2014-0751, and activity has been detected since 2012.

The attacker injected two .cim files (Cimplicity screen files) that are used to install the BlackEnergy malware on the system. According to ICS-CERT, the malware did not attempt to modify or damage any victim systems’ control processes, but it is extremely modular and plugins can be downloaded afterwards. The full plugin list is not known today, but some have been identified and they are already quite dangerous (password stealer, remote desktop access, keylogger, etc.). Thus, any company that has been running Cimplicity with the HMI directly connected to the Internet since 2012 could be infected with the malware.

Project SHINE: make the public aware


Category: Watch
