It turns out that the two-day heating outage in Ukraine in the middle of winter was caused by a malware attack called 'FrostyGoop'

Cybersecurity company Dragos has reported that a cyber attack on a Ukrainian municipal energy company between January 22 and 23, 2024, was carried out by malware called 'FrostyGoop.'

Intel Brief: Impact of FrostyGoop ICS Malware on Connected OT Systems | Dragos

https://hub.dragos.com/report/frostygoop-ics-malware-impacting-operational-technology

Hackers shut down heating in Ukrainian city with malware, researchers say | TechCrunch

https://techcrunch.com/2024/07/23/hackers-shut-down-heating-in-ukrainian-city-with-malware-researchers-say/

FrostyGoop malware left 600 Ukrainian households without heat this winter
https://therecord.media/frostygoop-malware-ukraine-heat

In Ukraine, central heating systems fed from power plants are being introduced region by region. In Lviv, a western city near the Polish border, central heating had been installed in more than 600 households, but it stopped after a cyber attack on the municipal energy company 'LvivTeploEnergo' on January 22, 2024. Repairs took about two days, during which the affected residents of Lviv had to endure subzero temperatures.

In April 2024, Dragos discovered 'FrostyGoop,' a piece of malware targeting industrial control systems (ICS), in a public malware repository. According to Dragos, FrostyGoop manipulates the targeted ICS via Modbus, an old protocol that is still widely used around the world to control devices in industrial environments.

'The attackers reported inaccurate measurements to ENCO controllers designed to control processes in the central heating substation modules or boiler plants, causing the systems to malfunction. This resulted in the central heating being shut down,' Dragos said.

Dragos pointed out that FrostyGoop's intrusion route 'may have been exploiting vulnerabilities in MikroTik routers that are widespread on the Internet to access the LvivTeploEnergo network.' The company also said, 'The time when the target network may have been accessed was in April 2023, and over the next few months the hacker continued to access the LvivTeploEnergo network, and on January 22, 2024, he attacked using a Moscow-based IP address.'

Dragos' research team also pointed out that the routers used by LvivTeploEnergo were not properly segmented from other servers and ENCO controllers. In addition, Dragos researcher Mark Graham warned, 'Given the prevalence of the Modbus protocol in industrial environments, FrostyGoop has the potential to interact with legacy and modern systems to cause disruption across all industrial sectors.'
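The Modbus manipulation Dragos describes, inaccurate values written into controllers from a network that was not segmented from the routers, is the kind of traffic a passive monitor on the OT segment can pick out, because Modbus/TCP carries no authentication and the single function-code byte of each request says whether it reads or writes. The Python below is an added example, not Dragos's code and not anything taken from FrostyGoop: it parses Modbus/TCP request frames and reports state-changing writes to a controller from any host outside an allowlist of engineering workstations, malformed frames, and function codes outside the common read/write set. The IP addresses, the allowlist and the four sample frames are constructed for the example; the parser covers only the most common function codes.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Modbus function codes: writes change controller state, reads only observe it.
WRITE_FUNCTION_CODES = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                        0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
READ_FUNCTION_CODES = {0x01, 0x02, 0x03, 0x04}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: Optional[int]
    values: Tuple[int, ...]


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    Raises ValueError on any framing inconsistency so the monitor can report
    the frame instead of silently skipping it.
    """
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The MBAP length field counts the unit id plus the PDU, i.e. everything after byte 6.
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} but {len(payload) - 6} bytes present")
    fc, data = payload[7], payload[8:]
    start: Optional[int] = None
    values: Tuple[int, ...] = ()
    if fc in (0x01, 0x02, 0x03, 0x04, 0x05, 0x06):
        # Fixed layout: 2-byte address followed by a 2-byte quantity or value.
        if len(data) != 4:
            raise ValueError(f"function {fc:#04x} expects 4 data bytes, got {len(data)}")
        start, word = struct.unpack(">HH", data)
        if fc in (0x05, 0x06):
            values = (word,)
    elif fc == 0x10:
        if len(data) < 5:
            raise ValueError("Write Multiple Registers header truncated")
        start, qty, byte_count = struct.unpack(">HHB", data[:5])
        if byte_count != 2 * qty or len(data) != 5 + byte_count:
            raise ValueError("register byte count does not match quantity")
        values = struct.unpack(f">{qty}H", data[5:])
    # Any other function code is returned unparsed and reported by inspect_request.
    return ModbusRequest(tid, unit, fc, start, values)


def inspect_request(src: str, dst: str, payload: bytes,
                    allowed_writers: Set[str]) -> List[Dict[str, str]]:
    """Findings for one request; an empty list means nothing to report."""
    try:
        req = parse_modbus_tcp(payload)
    except ValueError as exc:
        return [{"kind": "malformed", "src": src, "dst": dst, "detail": str(exc)}]
    if req.function_code in WRITE_FUNCTION_CODES:
        if src in allowed_writers:
            return []
        name = WRITE_FUNCTION_CODES[req.function_code]
        return [{"kind": "unapproved_write", "src": src, "dst": dst,
                 "detail": f"{name} unit {req.unit_id} addr {req.start_address} values {req.values}"}]
    if req.function_code not in READ_FUNCTION_CODES:
        return [{"kind": "unknown_function", "src": src, "dst": dst,
                 "detail": f"function code {req.function_code:#04x}"}]
    return []


def scan_traffic(records, allowed_writers: Set[str]) -> List[Dict[str, str]]:
    """Run inspect_request over (src, dst, payload) tuples, e.g. from a capture."""
    findings: List[Dict[str, str]] = []
    for src, dst, payload in records:
        findings.extend(inspect_request(src, dst, payload, allowed_writers))
    return findings


def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request; used here only to construct the sample input."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample: one approved engineering workstation (10.0.1.5) and a controller (10.0.2.20).
ALLOWED_WRITERS = {"10.0.1.5"}
SAMPLE_TRAFFIC = [
    # HMI polling ten holding registers: a read, nothing to report
    ("10.0.1.5", "10.0.2.20", build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10))),
    # approved workstation writing a setpoint register: allowed
    ("10.0.1.5", "10.0.2.20", build_frame(2, 1, 0x06, struct.pack(">HH", 16, 65))),
    # two registers written from a host that is not on the allowlist
    ("10.0.9.77", "10.0.2.20", build_frame(3, 1, 0x10,
                                           struct.pack(">HHB", 16, 2, 4) + struct.pack(">HH", 0, 0))),
    # truncated frame whose MBAP length no longer matches the bytes present
    ("10.0.9.77", "10.0.2.20", build_frame(4, 1, 0x06, struct.pack(">HH", 17, 0))[:9]),
]

if __name__ == "__main__":
    for f in scan_traffic(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print(f"{f['kind']:16} {f['src']} -> {f['dst']}: {f['detail']}")
```

Run against the constructed sample, the scan reports the write from 10.0.9.77 and the truncated frame, and stays silent on the HMI read and the approved write. The allowlist is the control that the segmentation finding above points at: with Modbus itself unable to say who is entitled to write, the monitor has to know which hosts should ever be sending writes, and every other source of write traffic to a controller is worth an alert.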

in Software, Security, Posted by log1r_ut