Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids

Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy. Mandiant spotted the industrial-equipment malware after it was uploaded to VirusTotal, which is a little unusual — albeit a …

  1. sitta_europea Silver badge

    I remember when I was young, that we didn't have the Internet - because there wasn't one - but we did have electricity.

    And it was a lot cheaper, in real terms, than it is now.

    But what do I know? I'm just a Chartered Electrical Engineer.

    1. Anonymous Coward

      Those electromechanical relays used for P&C purposes continue to be useful because “unhackable” in a computer sense of word. But if you want a remotely controllable substation, at some level, some comms is needed and therefore has vulnerability regardless of relay type.

      Most of the cost in new build now is in land and/or planning permission BS. Very few engineers, but endless accountants and red tape specialists. Actual transmission hardware is 10x cheaper today than it was in 1965 (e.g. 400kV circuit breakers used to be about £1M a pop in 1970s terms; today, £100k in today's terms is not unusual).

      Hardware has come down, but crazy market mechanisms like CfD, ROC and the way marginal prices work all conspire to shove prices up. That's fine if you're a wealthy investor profiting. Not so good for enabling industry and growth. You know, that thing we've lacked for about 2 decades.

      A/C as employed at one of the outfits that does this for a living too.

      1. Jellied Eel Silver badge

        > Hardware has come down, but crazy market mechanisms like CfD, ROC and the way marginal prices work all conspire to shove prices up. That's fine if you're a wealthy investor profiting. Not so good for enabling industry and growth. You know, that thing we've lacked for about 2 decades.

        There's a lot to be said for simplicity. On the one hand, we have lobby groups pushing to profit from more distributed 'smart' grids with microgenerators, storage etc. On the other, people that have to make it all work and deliver a consistent 240V at 50Hz at an affordable price. Plus support interesting challenges like delivering 3-phase to millions of households that will be getting heat pumps and wanting to fast charge their EVs. Part of me wonders whether Tesla was right and we should have gone with DC, but that would be an... interesting changeover to manage. Rather than trying to convert the gas network to H2, perhaps it should just be used as ductwork for DC.

  2. Anonymous Coward

    Negligence to run windows in safety critical infrastructure

    The world is run by lemmings.

    Evolution of the human species has stalled, maybe we need a rapid increase in the development of AI to enable a wipe-out and restart.

  3. Arthur the cat Silver badge

    > dubbed it CosmicEnergy

    The new party game: given a name, decide whether it's an ageing hippy selling crystals and cosmic woo or a hostile state actor intending to trash your infrastructure.

  4. Anonymous Coward

    I'm starting to feel a bit old

    And I am a bit confused by this.

    Being retired from work for some 5 years and it being a few years more since I was involved directly with this technology, I am probably out of touch.

    But I can't envision any scenario where a Database engine would arbitrarily send commands to the remote equipment. Such a process/interface would not exist.

    By far the majority of communication is data collection, from a fairly stable system. When abnormal events occur the (human) operators assess the situation before doing anything.

    For Grid level systems there may be Power Management Software that automatically tries to keep the balance between Generation and Consumption and manages the Load Flows, but this will be a suite of Real Time control software that may have taken its parameterisation from a SQL type database on initialisation, but any changes to this would be a manual process.

    Corrupting such parameters would obviously be possible using the techniques mentioned. But unless its structure is known, and also the full details of the power network structure and the associated 104 references, the new contents would be garbage.

    But maybe that would achieve the objective.

    1. PRR Silver badge

      Re: I'm starting to feel a bit old

      > ...retired ...for some 5 years ..., I am probably out of touch.

      I get that a lot too.

      > I can't envision any scenario where a Database engine would arbitrarily send commands to the remote equipment. Such a process/interface would not exist.

      The article here seems shy on details. It may be murky in the source material. For Reasons.

      "...need to infect a PC.., find a Microsoft SQL Server on the network that has access... the login details... PieHop is then run on the PC to upload LightWork to the server, which sends disruptive commands to connected industrial devices."

      So the "interface" is installed by the malware. The database is hacked(?) for login and device info. I would assume the next bit is to send arbitrary commands to random devices. Does "DFO776" turn up the hot water in the washroom? Turn off the fire alarms? Or spin up the turbine past max RPM? Attack commands may not need to make sense. Run enough of them, something bad (good) is likely.
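The two comments above agree on one defensively useful point: in a working substation network, almost all IEC 60870-5-104 traffic flows in the monitor direction (measurements and status), and the few control commands come from a known operator/SCADA master, never from a database server. The following is an added example (not code from The Register thread, from Mandiant or from the malware write-up) of a small detector built on exactly that premise: it parses constructed log lines and alerts on any control-direction command whose source host is not an allow-listed master. The log format, hostnames and addresses are assumptions made for the example; the ASDU type identifiers used (45-51 and their time-tagged variants 58-64) are the standard's process-command types.

```python
# Added example, not from the thread or from Mandiant: flag IEC 104 control
# commands sent by hosts that are not designated control masters.
from dataclasses import dataclass
from typing import Iterable, List, Set

# IEC 60870-5-104 ASDU type identifications for process commands in the
# control direction: 45-51 (single/double/regulating/setpoint/bitstring
# commands) and 58-64 (the same commands with CP56Time2a time tags).
CONTROL_TYPE_IDS: Set[int] = set(range(45, 52)) | set(range(58, 65))


@dataclass(frozen=True)
class Iec104Event:
    ts: str        # timestamp of the APDU
    src: str       # host that sent it
    dst: str       # RTU / gateway that received it
    type_id: int   # ASDU type identification
    cot: int       # cause of transmission (6 = activation for commands)
    ioa: int       # information object address (the "104 reference")


def parse_line(line: str) -> Iec104Event:
    """Parse one line of the assumed 'ts src dst type_id cot ioa' format.
    Real sensors (e.g. a Zeek iec104 log) use different fields; only the
    mapping into Iec104Event would change."""
    ts, src, dst, type_id, cot, ioa = line.split()
    return Iec104Event(ts, src, dst, int(type_id), int(cot), int(ioa))


def find_rogue_commands(lines: Iterable[str],
                        allowed_masters: Set[str]) -> List[Iec104Event]:
    """Return every control-direction command whose sender is not an
    allow-listed master. Monitor-direction traffic and system commands
    such as general interrogation (type 100) are deliberately ignored so
    that routine polling by the real master never alerts."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.type_id in CONTROL_TYPE_IDS and ev.src not in allowed_masters:
            alerts.append(ev)
    return alerts


# Constructed sample traffic (hosts and addresses are invented):
#   10.1.0.10  the SCADA master that legitimately issues commands
#   10.1.0.50  a Windows database server that should only hold configuration
#   10.2.0.2x  RTUs
SAMPLE_LOG = """
2023-05-25T10:00:01Z 10.1.0.10 10.2.0.21 100 6 0
2023-05-25T10:00:02Z 10.2.0.21 10.1.0.10 13 3 1001
2023-05-25T10:00:03Z 10.1.0.10 10.2.0.21 45 6 2001
2023-05-25T10:05:09Z 10.1.0.50 10.2.0.21 46 6 2002
2023-05-25T10:05:10Z 10.1.0.50 10.2.0.22 45 6 2001
"""
ALLOWED_MASTERS: Set[str] = {"10.1.0.10"}


if __name__ == "__main__":
    for ev in find_rogue_commands(SAMPLE_LOG.splitlines(), ALLOWED_MASTERS):
        print(f"ALERT {ev.ts}: control command type {ev.type_id} "
              f"from non-master {ev.src} to {ev.dst} IOA {ev.ioa}")
```

The allow-list is the whole detection: it encodes the commenter's observation that commands are a manual, operator-driven act from a specific system, so a database host emitting them is anomalous regardless of whether the IOAs it targets make sense. In practice the allow-list would come from the network's own asset inventory, and the same check can be fed from a protocol-aware sensor rather than from a flat log.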

    2. Anonymous Coward

      Re: I'm starting to feel a bit old

      Consider how the BlackEnergy malware worked. Or Stuxnet.

      You don't need to hit the SCADA to cause disruption. Events of e.g. Aug 2019 also demonstrate how a couple of 'minor' events happening at the same time caused national issues.
