CosmicEnergy Malware Attacks Remote Terminal Units In Various Industrial Systems

According to Mandiant security researchers, a hacking group linked to the Russian cybersecurity outfit Rostelecom-Solaris attempting to disrupt the work of the remote terminal units located all over Europe, the Middle East, and Asia using new malware dubbed CosmicEnergy. CosmicEnergy was first seen in December 2021 when its sample was uploaded on VirusTotal by someone with a Russian IP address. The malware has common traits with malware that target the same area of energy supply systems. Examples of similar malware include Industroyer and Industroyer.V2 which were previously used in a cyberattack against Ukrainian power supply systems, and also IronGate, Triton, and Incontroller. Read more...