{
  "name": "ICS Threat Analysis: New Malware Can Kill Engineering Processes",
  "slug": "ics-threat-analysis-new-malware-can-kill-engineering-processes",
  "description": "An analysis of a public malware repository reveals a persistent presence of OT/ICS malware, with engineering workstations a significant target. Two notable clusters were identified: Mitsubishi engineering workstation software infected with the Ramnit worm, and a new experimental malware named Chaya_003 that is capable of terminating Siemens engineering processes. The research highlights the evolving threat landscape in OT/ICS environments and the need for enhanced security measures. Recommendations include hardening engineering workstations, enforcing proper network segmentation, and implementing comprehensive threat monitoring solutions across both IT and OT systems.",
  "published": "2024-12-18T13:43:53+00:00",
  "created_at": "2024-12-18T13:43:53+00:00",
  "modified_at": "2024-12-18T14:07:40+00:00",
  "created_at_opencti": "2024-12-18T13:43:53+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-12-18",
    "chaya_003",
    "discord c2",
    "engineering workstations",
    "ics",
    "mitsubishi",
    "ot",
    "process-termination",
    "ramnit",
    "siemens"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "x86assembly.xyz"
      },
      {
        "id": "",
        "name": "grpaper.com"
      },
      {
        "id": "",
        "name": "az-security.info"
      },
      {
        "id": "",
        "name": "432i.com"
      },
      {
        "id": "",
        "name": "0g0d.com"
      },
      {
        "id": "",
        "name": "fd8558b8a4165ebb47f120fa237c2ada306c430ae4cb2109eb644fd8b0b82b15"
      },
      {
        "id": "",
        "name": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"
      },
      {
        "id": "",
        "name": "c1826e0d310a6a02f2ee1b5d88b6c0dd48baa8fe1dd99447e98e42c4ca023c96"
      },
      {
        "id": "",
        "name": "b16a67f49ce5aa057236d2bff3e1ab2dcc2c6d3f2551e4520f54e125b2e289d8"
      },
      {
        "id": "",
        "name": "ad5922bcc740e5761a708c526d023450ca278168ebcefaaf80f85815d6d6d24e"
      },
      {
        "id": "",
        "name": "a1d721db0583eed0077bb8ab542ff15a806d24e2dbf13557b12842bd49995354"
      },
      {
        "id": "",
        "name": "9579c6987ac8969d0b0cc0cc2a9da3b034fac41525d96fa79fa02d05813e70f9"
      },
      {
        "id": "",
        "name": "8b585155cdc7fcbe3d2fa169b307756557ef0d69afb392726f577a73f11d5a97"
      },
      {
        "id": "",
        "name": "703f0aac78d388f1fbe3800697015d092fa70cea2c01f22f456c8b1aa20a2334"
      },
      {
        "id": "",
        "name": "69eb2b940ba1fc7bc46699eeb3ff11d921683609f636efae05c0cb796b588a38"
      },
      {
        "id": "",
        "name": "5ec05f903cc94d559b8eb23aa749805b78de2845bd2317017bc8e50cdceb613f"
      },
      {
        "id": "",
        "name": "5b63ca75f95dc549729bb6261e9dc22f6425547584366188770507bd964221b4"
      },
      {
        "id": "",
        "name": "517e35b32c4a1dedb155bbd208422cd5c5d34b5ec378712b7e8182fd26473c7e"
      },
      {
        "id": "",
        "name": "1f1035b91db1264eb94aa055cdb50f35f0c27744e77e74b7031e099b112a5837"
      },
      {
        "id": "",
        "name": "1b8957804dfa7324d10bf6d7ca22fc038951ab57ab1e6838da9c63ad057c1d20"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:d35998649a2da619",
        "name": "Chaya_003",
        "slug": "chaya_003"
      },
      {
        "id": "legacy:malware:95af29511e58ff00",
        "name": "Ramnit",
        "slug": "ramnit"
      }
    ],
    "attack_patterns": [
      {
        "id": "d9f271ed-7685-4362-b90d-f16a14102f39",
        "name": "T1489"
      },
      {
        "id": "29398669-98ed-4766-9dac-f9632f7175ff",
        "name": "T1518"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "6aa7866f-9c1f-4159-938a-10a6adf41646",
        "name": "T1553"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Belgium"
      },
      {
        "id": "",
        "name": "Canada"
      },
      {
        "id": "",
        "name": "United Kingdom of Great Britain and Northern Ireland"
      },
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Manufacturing"
      }
    ]
  },
  "external_refs": [
    "https://www.forescout.com/blog/ics-threat-analysis-new-experimental-malware-can-kill-engineering-processes/",
    "https://otx.alienvault.com/pulse/6762dfa9d2336cb75f51de3c"
  ]
}