Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Password recovery tool infects industrial systems with Sality malware
#1
Quote:A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs).

Advertised on various social media platforms, the password recovery tools promise to unlock PLC and HMI (human-machine interface) terminals from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic.


Security researchers at industrial cybersecurity company Dragos analyzed one incident impacting DirectLogic PLCs from Automation Direct and discovered that the "cracking" software was exploiting a known vulnerability in the device to extract the password.

But behind the scenes the tool also dropped Sality, a piece of malware that creates a peer-to-peer botnet for various tasks that require the power of distributed computing to complete faster (e.g. password cracking, cryptocurrency mining).

Dragos researchers found that the exploit used by the malicious program was limited to serial-only communications. However, they also found a way to recreate it over Ethernet, which increases the severity.

More info HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hackers are targeting industrial systems with malware mrtrout 0 848 07-16-2022 , 06:46 PM
Last Post: mrtrout
  Password-Stealing Windows Malware has been Discovered mrtrout 0 931 07-24-2021 , 02:32 AM
Last Post: mrtrout
  BIOPASS RAT Infects Chinese Gambling Sites mrtrout 0 763 07-13-2021 , 07:08 AM
Last Post: mrtrout
  UNVEILING THE HIDDEN RISKS OF INDUSTRIAL AUTOMATION PROGRAMMING mrtrout 0 1,258 08-22-2020 , 01:30 AM
Last Post: mrtrout
  3 antimalware solutions for Linux systems sidemoon 0 1,253 04-18-2020 , 02:19 PM
Last Post: sidemoon



Users browsing this thread: 2 Guest(s)