Researchers Discover Malware That Targets Industrial Control Systems

The malicious software was crafted to manipulate a specific industrial process running within a simulated Siemens control system environment, researchers say.
Published: June 2, 2016

MILPITAS, Calif. – A team of network security researchers has discovered malicious computer software cunningly designed to attack industrial control systems (ICS) used in critical infrastructure, for example, power generation or chemical plants.

In a report released today, FireEye researchers said they identified the malware – which they dubbed Irongate – last year while researching viruses that attack ICS. The report states Irongate is only the fourth such class of malware ever found.

“Irongate invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community,” the report states.

Stuxnet was jointly created by the United States and Israel, although neither country has officially acknowledged its involvement. Anonymous U.S. officials have previously claimed Stuxnet was developed to sabotage Iran’s nuclear program with what would seem like a long series of ill-fated accidents.


The FireEye Labs Advanced Reverse Engineering (FLARE) team said it does not know who created Irongate or why. And while the malware is designed to work only on software that simulates a real machine, its characteristics are still notable.




For example, Irongate records five seconds of normal control activity and then repeatedly plays it back to trick control room operators into thinking the ICS are working properly. Simultaneously, as the operators observe only normal activity on their monitors, the malware is able to swap computer files that modify the temperature and pressure on a specific type of Siemens control system.
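The record-and-replay behavior described above leaves a trace a defender can check for: monitored values that repeat exactly, cycle after cycle. The Python below is an added example, not code from the FireEye report or from Irongate; the (temperature, pressure) sample layout, the one-reading-per-second interval and all function names are assumptions, and the sample data is constructed.

```python
"""Added example: flag telemetry that repeats exactly, as a replayed recording would."""
from typing import List, Optional, Sequence, Tuple

Sample = Tuple[float, float]  # (temperature, pressure); an assumed layout


def find_replay_period(samples: Sequence[Sample], max_period: int,
                       min_cycles: int = 3) -> Optional[int]:
    """Return the shortest period p (in samples) for which the newest
    p * min_cycles samples are exact repeats of one p-sample block.

    Live analog readings carry noise, so several bit-identical cycles in a
    row indicate recorded data. p == 1 is a flatlined (stuck) value.
    """
    n = len(samples)
    for p in range(1, max_period + 1):
        window = p * min_cycles
        if window > n:
            break
        tail = samples[n - window:]
        if all(tail[i] == tail[i - p] for i in range(p, window)):
            return p
    return None


def constructed_live_feed(n: int) -> List[Sample]:
    """Constructed sample data: one reading per second with deterministic
    jitter standing in for sensor noise (not data from the report)."""
    return [(80.0 + 0.01 * ((7 * i * i) % 101), 2.5 + 0.001 * ((3 * i) % 17))
            for i in range(n)]


def constructed_replayed_feed() -> List[Sample]:
    """Constructed: 15 s of live data, then the last 5 s looped four times."""
    live = constructed_live_feed(15)
    return live + live[10:15] * 4


if __name__ == "__main__":
    for name, feed in (("live", constructed_live_feed(60)),
                       ("replayed", constructed_replayed_feed())):
        period = find_replay_period(feed, max_period=10)
        print(name, "->", "no loop" if period is None else f"loop of {period} samples")
```

Exact comparison suits raw analog values; heavily quantized or genuinely constant signals need a larger `min_cycles` to avoid false positives.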

However, Siemens has confirmed that the malware would not work against its standard control system environment.

“Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed that Irongate is not viable against operational Siemens control systems and determined that Irongate does not exploit any vulnerabilities in Siemens products,” the report states. “We are unable to associate Irongate with any campaigns or threat actors. We acknowledge that Irongate could be a test case, proof of concept, or research activity for ICS attack techniques.”

The FLARE team, based here, discovered the malware on VirusTotal, a free online service that analyzes suspicious computer files and facilitates the detection of worms and other malware.

