Inside a New OT/IoT Cyberweapon: IOCONTROL
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Team82 analyzed a sample of IOCONTROL, a custom-built IoT/OT malware used by Iran-affiliated attackers to target Israel- and U.S.-based devices. The malware affects various IoT and SCADA/OT devices, including IP cameras, routers, PLCs, HMIs, and firewalls from multiple vendors. IOCONTROL is believed to be part of a global cyber operation against Western IoT and OT devices, likely used as a cyberweapon by a nation-state to attack civilian critical infrastructure. The malware uses the MQTT protocol for C2 communication and employs stealth techniques such as DNS over HTTPS. Its capabilities include arbitrary code execution, self-deletion, port scanning, and persistence through installation as a daemon.
OPENCTI LABELS:
iot,iocontrol,scada,mqtt