Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

SUMMARY :

FrostyGoop, an operational technology (OT) malware, disrupted critical infrastructure in Ukraine in early 2024, affecting heating systems for over 600 apartment buildings. It is the first OT-centric malware to use Modbus TCP communications for such an impact. The malware can operate both within compromised networks and externally if devices are internet-accessible. It sends Modbus commands to read or modify data on industrial control systems. New samples and indicators were uncovered, including configuration files and libraries. The malware is compiled using Go and leverages specific open-source libraries. It implements debugger evasion techniques and can encrypt configuration files. Analysis revealed over 1 million Modbus TCP devices exposed to the internet, highlighting the increasing threat to critical infrastructure.

OPENCTI LABELS :

ukraine,critical infrastructure,golang,ot-malware,industrial control systems,bustleberm,modbus tcp,frostygoop


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications