Researchers Discover New Malware That Attacks Industrial Systems: Stuxnet 2.0?

[steven36]

Researchers have discovered a new kind of malware that was developed to attack industrial systems.

 

 

FireEye, which named the discovery Irongate, said that the malware is capable of disrupting industrial control systems that are operating within simulated Siemens computing environments.

 

Irongate allows attackers to manipulate the systems and hide the readings of industrial processes. These systems support the operations of infrastructure such as those of utilities and manufacturing plants.

FireEye discovered Irongate late least year while going over VirusTotal, which is a search engine owned by Google that checks samples of malware against scans made by antivirus software.

 

It was found that two separate versions of Irongate were uploaded a year earlier by two unidentified sources, with neither sample triggering any alarms upon their posting to the search engine.

 

Siemens, however, has confirmed with FireEye that Irongate could not be considered viable against the current Siemens control systems being used, with the malware not capable of exploiting any flaws in the company's products.

 

As such, Irongate could be a proof of concept for malware that is being developed for industrial control systems. It is also important to note that it has certain similarities with a controversial malware known as Stuxnet.

 

Stuxnet was a sabotage malware, which was said to have been created by the United States and Israel for the purpose of disrupting the nuclear program of Iran. The malware was credited for the destruction of almost 1,000 uranium enrichment centrifuges in the country and is said to be a part of a wider cyber-operation named Nitro Zeus.

 

The goal for attackers using both Stuxent and Irongate would be to inject the malware into the supervisory control and data acquisition, or SCADA, systems to manipulate data. Stuxnet suspended the monitoring of data to relay information that the rotor speed of the uranium centrifuges were working fine, while Irongate would have recorded valid data and then kept playing the data back to trick the monitoring users that everything was going well.

 

In both cases, while all the reported data would come back normal, the malware would substitute certain files to attack the system and launch disruptive and destructive commands. While Stuxnet controlled the systems of the uranium centrifuges, Irongate appears to have been written to change pressure and temperature levels.

 

The discovered version of Irongate was harmless, but those who developed it could already have a working version against current industrial control systems. As such, Irongate's existence should serve as a warning to companies that utilize SCADA systems in their operations.

 

The Source

 

[Holmes]

It uses a similiar technique that stuxnet used everything else is different.  I have read about irongate in a different website its partly the same as stuxnet not full copy or successor.  This is the article I read:

 

http://www.theregister.co.uk/2016/06/03/laboratory_ics_malware_masks_attack_with_replayed_normal_traffic/

 

It looks like the same article I dont know if it has content that yours doesnt have or not.