Claroty, a cybersecurity firm specializing in industrial control systems (ICS), has reported the discovery of a sophisticated malware strain named IOCONTROL. This malware targets critical infrastructure components, including routers, firewalls, and industrial control equipment, within sectors such as water management, gas stations, and telecommunications. Notably, IOCONTROL has evaded detection by leading cybersecurity platforms, including Joe Sandbox and VirusTotal, posing significant challenges to researchers.
The malware’s design enables it to compromise a wide array of devices from various manufacturers, such as D-Link, Hikvision, and Phoenix Contact. Its modular architecture allows it to infect Internet of Things (IoT) and operational technology (OT) systems, leading to potential disruptions in critical infrastructure. Claroty’s analysis indicates that IOCONTROL has been employed in cyber operations against Western IoT and OT devices, with a particular focus on assets in Israel and the United States.
Claroty has ranked IOCONTROL among the top industrial destructive malware, placing it above notable threats like Stuxnet and BlackEnergy. This assessment underscores the heightened concern within cybersecurity circles regarding the malware’s potential impact and the extent of its proliferation.
The emergence of IOCONTROL highlights the evolving threat landscape facing critical infrastructure systems. Its ability to infiltrate and disrupt essential services necessitates a reevaluation of current security measures to safeguard against such advanced threats.
#ParsedReport #CompletenessHigh
12-12-2024
Inside a New OT/IoT Cyberweapon: IOCONTROL
https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
Report completeness: High
Actors/Campaigns:
Cyberav3nger
Threats:
Iocontrol
Phoenix_keylogger
Unicorn
Upx_tool
Victims:
Orpak, Gasboy, Baicells, D-link, Hikvision, Red lion, Phoenix contact, Teltonika, Unitronics
Industry:
Iot, Critical_infrastructure, Petroleum, Ics
Geo:
Iran, Israel, Germany
TTPs:
Tactics: 1
Techniques: 0
ChatGPT TTPs:
do not use without manual check
T1048, T1071.001, T1027, T1055.001, T1660, T1005
IOCs:
Domain: 3
Hash: 2
IP: 1
Url: 1
Soft:
ORPAK, curl, Linux, Gasboy, Telegram, QEMU, RabbitMQ, Twitter
Algorithms:
aes-256, sha256, aes-256-cbc
Languages:
python
Platforms:
arm
