SCADA

Pierluigi Paganini June 04, 2018
North Korea-Linked Covellite APT group stopped targeting organizations in the U.S.

A North Korea-linked APT group, tracked by experts at industrial cybersecurity firm Dragos as Covellite, has stopped targeting US organizations. Anyway, the group, that is believed to be linked to the notorious Lazarus APT group, is continuing to target organizations in Europe and East Asia. The group has been around at least since 2017 and is still active, […]

Pierluigi Paganini May 24, 2018
Xenotime, Threat actors Behind Triton Malware broadens its activities

The threat actor behind the Triton malware (aka Trisis, Xenotime, and HatMan) is now targeting organizations worldwide and safety systems. The attackers are expanding their targets and new variants are able to attacks also other than Schneider Electric’s Triconex systems. The malware was first spotted in December 2017 by researchers at FireEye that discovered that it was specifically designed to […]

Pierluigi Paganini May 03, 2018
Schneider Electric Development Tools InduSoft Web Studio and InTouch Machine Edition are affected by a critical buffer flaw

Researchers at Tenable have disclosed technical details and a PoC code for a critical remote code execution vulnerability affecting Schneider Electric InduSoft Web Studio and InTouch Machine Edition products. Experts at security firm Tenable have discovered a critical remote code execution vulnerability affecting Schneider Electric InduSoft Web Studio and InTouch Machine Edition products. The InduSoft Web Studio […]

Pierluigi Paganini April 12, 2018
Researchers discovered several flaws that expose electrical substations to hack

The ICS-CERT and Siemens published are warning organizations of security flaws in Siemens devices (SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices) that could be exploited by hackers to target electrical substations. “Successful exploitation of these vulnerabilities could allow an attacker to upload a modified device configuration that could overwrite access authorization passwords, or allow an […]

Pierluigi Paganini January 13, 2018
Mobile App Flaws of SCADA ICS Systems Could Allow Hackers To Target Critical Infrastructure

IOACTIVE researchers warn that critical infrastructure mobile applications are being developed without secure coding compliance that could allow hackers to target SCADA Systems. In a report released today, by IOACTIVE, researchers’ advice that critical infrastructure mobile applications are being developed without secure coding compliance that could allow hackers to target Supervisory Control and Data Acquisition […]

Pierluigi Paganini October 15, 2017
Flaws in Siemens Building Automation Controllers open to hack. Fix them asap

Siemens has released a firmware update that addresses two vulnerabilities in its BACnet Field Panel building automation controllers. This week Siemens has released a firmware update for its BACnet Field Panel building automation products that solved two vulnerabilities, one of which is classified as high severity. The vulnerabilities affect APOGEE PXC and TALON TC BACnet […]

Pierluigi Paganini September 07, 2017
Dragonfly 2.0: the sophisticated attack group is back with destructive purposes

While the first Dragonfly campaigns appear to have been a more reconnaissance phase, the Dragonfly 2.0 campaign seems to have destructive purposes. Symantec has spotted a new wave of cyber attacks against firms in the energy sector powered by the notorious Dragonfly group. The Dragonfly group, also known as Energetic Bear, has been active since at […]

Pierluigi Paganini June 13, 2017
ICS Companies Are Worried About Cybersecurity, But Are They Worried About the Right Things?

Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. Which is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest networking equipment to find was […]

Pierluigi Paganini June 12, 2017
Experts spotted Industroyer ICS Malware and linked it to Ukraine Power Outage

Researchers at antivirus firm ESET have discovered a new strain of malware, dubbed Industroyer, that appears to have been designed to target power grids. The experts published a detailed analysis of the malware, they speculated the malicious code has been involved in the December 2016 attack on an electrical substation in Ukraine. “Win32/Industroyer is a sophisticated piece […]

Pierluigi Paganini April 05, 2017
Still problems for Schneider Electric, Schneider Modicon TM221CE16R has a hardcoded password

The firmware running on the Schneider Modicon TM221CE16R (Firmware 1.3.3.3) has a hardcoded password, and there is no way to change it. I believe it is very disconcerting to find systems inside critical infrastructure affected by easy-to-exploit vulnerabilities while we are discussing the EU NIS directive. What about hard-coded passwords inside critical systems? Unfortunately, it’s happened […]