"...thought to have been" ... "believed to have been" ...
That’s OK. I am convinced!
Espionage-ware thought to have been developed by China has once again been spotted within the power grid of a neighboring nation. According to Symantec's Threat Hunter Team on Tuesday, a team dubbed Redfly infiltrated the national grid of an unnamed Asian nation using the ShadowPad Trojan, stole credentials, installed …
Keep in mind that Stuxnet was intended to disrupt nuclear weapons construction, while these are (theoretically) enabling the disruption of power grids. The first keeps civilians from getting killed. The second will likely kill civilians. (Presumably impacted military would just fire up generators.)
Any government-backed program to plant malware is deeply suspect, but at least with Stuxnet there was a justifiable reason.
Because they are required to? Because power sites are required to transmit live operational metering data to the grid? Because contracts demand full visibility of behaviour, performance, alerts, etc? Running energy systems, and much else, without a live internet connection is not realistic in this day and age.
But wait. The official way to fix this according to people like Symantec is to deploy even more complexity and intrusion detection software (and of course, theirs is best), not actually take a sensible action to limit the exposure.
I'm not saying that you don't put tools in to detect intrusions, but if you limit the attack surface then they should have less to do.
China already have full ability to damage the UK or other grids where solar power is popular.
Most solar inverters are tied back to a Chinese manufacturer's cloud platform for command and control.
All they need to do is switch all the solar inverters to the wrong frequency at the same time, or force full power to the grid or numerous other things and the grid would have a very bad day.
And we are adding more and more of these things to the grid daily.
Really? We have solar panels and an inverter. It works OK and doesn't come with any connectivity at all. There is an LCD panel that tells you panel voltage and the power it is providing to your house, and that's it.
In a previous life, a security manager wanted to have Chinese cameras because they were cheaper, despite what we told him. Not trusting the devices, we put them in a dedicated VLAN and restricted the traffic to the max. Then we saw in our logs of blocked traffic that the cameras were trying to phone home. We didn't know what they intended to do, and didn't have the time to investigate further, but the vendor never told us about this behaviour. Being careful with non-EU devices is a must-have.
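What the previous poster describes (cameras on their own VLAN, egress denied by default, blocked flows logged and then read) is a standard pattern, so here is an added worked example of both halves. It is not code from the thread or from any vendor; the VLAN, addresses, NVR and log lines are all constructed for illustration, and the log format is the netfilter kernel-log layout (SRC=/DST=/PROTO=/DPT=) that an nftables `log prefix` rule produces.

```python
"""Egress-deny for a camera VLAN, plus a detector that reads the firewall's drop log
and reports which cameras tried to reach what outside the network.
Added example: hypothetical VLAN, addresses, NVR and log lines."""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

CAMERA_VLAN = ip_network("10.30.0.0/24")     # hypothetical camera VLAN
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The only thing the cameras legitimately need: RTSP to the NVR (hypothetical address).
ALLOWED = [("10.10.0.5", "tcp", 554)]


def nft_egress_policy(vlan_if="eth0.30"):
    """Render an nftables forward-chain fragment: permit the NVR, log and drop everything
    else leaving the camera VLAN. Deny-by-default is the point; the log prefix is what
    phone_home_report() later keys on."""
    lines = [
        "table inet iot {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
    ]
    for dst, proto, port in ALLOWED:
        lines.append(f'    iifname "{vlan_if}" ip saddr {CAMERA_VLAN} '
                     f'ip daddr {dst} {proto} dport {port} accept')
    lines.append(f'    iifname "{vlan_if}" ip saddr {CAMERA_VLAN} '
                 f'log prefix "IOT-EGRESS-DROP " drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed sample of what the kernel log then contains (not real captures).
SAMPLE_LOG = """\
Sep 12 10:01:02 fw kernel: IOT-EGRESS-DROP IN=eth0.30 OUT=eth0 SRC=10.30.0.11 DST=203.0.113.5 PROTO=TCP SPT=41002 DPT=443
Sep 12 10:01:05 fw kernel: IOT-EGRESS-DROP IN=eth0.30 OUT=eth0 SRC=10.30.0.11 DST=203.0.113.5 PROTO=TCP SPT=41003 DPT=443
Sep 12 10:01:09 fw kernel: IOT-EGRESS-DROP IN=eth0.30 OUT=eth0 SRC=10.30.0.11 DST=198.51.100.77 PROTO=UDP SPT=5353 DPT=8000
Sep 12 10:02:15 fw kernel: IOT-EGRESS-DROP IN=eth0.30 OUT=eth0 SRC=10.30.0.12 DST=198.51.100.77 PROTO=TCP SPT=50111 DPT=32100
Sep 12 10:02:20 fw kernel: IOT-EGRESS-DROP IN=eth0.30 OUT=eth0.10 SRC=10.30.0.12 DST=10.10.0.9 PROTO=TCP SPT=50113 DPT=445
Sep 12 10:02:40 fw kernel: IOT-EGRESS-ACCEPT IN=eth0.30 OUT=eth0.10 SRC=10.30.0.12 DST=10.10.0.5 PROTO=TCP SPT=50112 DPT=554
"""

LOG_RE = re.compile(r"(?P<prefix>IOT-EGRESS-\w+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                    r"PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)")


def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def phone_home_report(log_text):
    """Per camera: the external (dst, proto, dport) tuples it was blocked on, with counts,
    most frequent first. Drops to internal destinations are ignored as policy noise; only
    attempts to leave the network count as 'phoning home'."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or not m["prefix"].endswith("DROP"):
            continue
        src, dst = m["src"], m["dst"]
        if ip_address(src) not in CAMERA_VLAN or is_internal(dst):
            continue
        hits[src][(dst, m["proto"], int(m["dpt"]))] += 1
    return {
        src: [(d, p, port, n) for (d, p, port), n in
              sorted(c.items(), key=lambda kv: (-kv[1], kv[0]))]
        for src, c in hits.items()
    }


if __name__ == "__main__":
    print(nft_egress_policy())
    for cam, attempts in phone_home_report(SAMPLE_LOG).items():
        for dst, proto, port, n in attempts:
            print(f"{cam} -> {dst}:{port}/{proto} blocked {n}x (who owns {dst}?)")
```

The report is deliberately per device and per destination rather than a single alert: repeated attempts to one external address on 443 from every camera of the same model is firmware calling its cloud, while a one-off to an odd high port from a single unit is the one to look at first. Either way the flows never left the network, which is what the VLAN was for.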
Difficult to get any internet-connected device that doesn't want to send logging of some sort to the manufacturer. Should make an international law/treaty that this is strictly opt-in, and what the reasons are for it. Breaching the law should result in big fines and compensation. Still, you should, as the poster did, ensure that they can't send data "home".