Security researchers have discovered new industrial control system malware, dubbed “CosmicEnergy,” which they say could be used to disrupt critical infrastructure systems and electric grids.
The malware was uncovered by researchers at Mandiant, who have likened CosmicEnergy’s capabilities to the destructive Industroyer malware that the Russian state-backed “Sandworm” hacking group used to cut power in Ukraine in 2016.
Unusually, Mandiant says it uncovered CosmicEnergy through threat hunting and not following a cyberattack on critical infrastructure. The malware was uploaded to VirusTotal, a Google-owned malware and virus scanner, in December 2021 by a submitter based in Russia, according to Mandiant. The cybersecurity company’s analysis shows that the malware may have been developed by Rostelecom-Solar, the cybersecurity arm of Russia’s nation …
