Mandiant has discovered a new malware called CosmicEnergy, which is believed to be connected to Russia and aimed at disrupting industrial control systems, particularly electric grids. The malware targets devices using the IEC 60870-5-104 protocol and can manipulate power line switches and circuit breakers, posing a potential threat to electric grid assets. It is suspected that CosmicEnergy may have originated from a contractor at Russian cybersecurity company Rostelecom-Solar, possibly created as a tool for power disruption exercises, although conclusive evidence is lacking. The malware shares similarities with previous Russian malware like Industroyer and Triton, indicating a potential for physical damage and disruption.

Read more: https://www.securityweek.com/new-russia-linked-cosmicenergy-ics-malware-can-disrupt-electric-grid