Outbreak Alert

CosmicEnergy Malware

Released: Jun 01, 2023

CosmicEnergy Malware Malware OT/ICS Tags

High Severity

New OT Malware designed to cause electric power disruption

A new malware called CosmicEnergy has been discovered that targets operational technology sector. According to the reports, the malware is designed to cause electric power disruption by exploiting IEC 60870-5-104 (IEC-104) protocol, which are commonly used in electric transmission and distribution operations in Europe, the Middle East, and Asia. Learn More »

Background

CosmicEnergy is similar in its capabilities to previous OT malware families Industroyer and Industroyer 2.0, as both variants aim to cause electric power disruption through targeting devices commonly used in electric transmission and distribution operations. According to the reports, CosmicEnergy is possibly associated with Russian government-funded power disruption and emergency response exercises.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

FotiGuard Labs has released Antivirus signatures for known malware and has behaviour detection engine service to detect other unknown and 0-day malware. FortiGuard Labs recommends organizations to review their OT/ICS security posture and always follow best practices for Operational Technology (OT) Security. https://www.fortinet.com/resources/cyberglossary/ot-security-best-practices

May 25, 2023: Mandiant released a blog on CosmicEnergy Malware.
https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response
May 25, 2023: FortiGuard Labs released a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5171/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

Lure
Decoy VM
AV
AV (Pre-filter)
Behavior Detection

DETECT

IOC
Outbreak Detection
Threat Hunting

RESPOND

Automated Response
Assisted Response Services

RECOVER

NOC/SOC Training
InfoSec Services
End-User Training

IDENTIFY

Attack Surface Hardening
Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

References

Sources of information in support and relation to this Outbreak and vendor.

Mandiant

Learn More »

Industrial Cyber

Learn More »

Bleeping Computer

Learn More »

Dark Reading

Learn More »

The Hacker News

Learn More »

Washington Post

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Outbreak Alert

CosmicEnergy Malware

New OT Malware designed to cause electric power disruption

Background

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

References

Mandiant

Industrial Cyber

Bleeping Computer

Dark Reading

The Hacker News

Washington Post

About FortiGuard Outbreak Alerts

Threat Intelligence
Center