COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
Mandiant has identified a new operational technology (OT) malware called COSMICENERGY, which targets industrial control systems (ICS) and is designed to cause electric power disruption. The malware interacts with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), commonly used in electric transmission and distribution operations in Europe, the Middle East, and Asia. COSMICENERGY is potentially related to Russian emergency response exercises and may have been developed as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cybersecurity company. The malware's capabilities are similar to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2. The discovery of COSMICENERGY highlights the lowering barriers to entry for developing offensive OT capabilities and poses a plausible threat to affected electric grid assets.

Malware: CosmicEnergy, Industroyer, Triton, PIEHOP, LIGHTWORK

[View Article](https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response)