New Stuxnet-like Malware Discovered in the Wild
Researchers at the security firm FireEye have found mysterious malware, named Irongate, that’s designed to target industrial processes, specifically ICS/SCADA equipment manufactured by Siemens.
Irongate masks its malicious activities by replacing a Dynamic Link Library (DLL) with a malicious DLL. The malicious DLL works as a broker between a programmable logic controller (PLC) and the monitoring software. It records five seconds of normal traffic and then replays it, the way Keanu Reeves loops tape in the movie Speed. This strategy allows attackers to hide from process operators.
The malware has the same attack traits that were seen in the infamous Stuxnet, which was allegedly created by Israel and the US to sabotage Iran’s nuclear program.
FireEye said in a blog post, “Our analysis finds that IRONGATE invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community.”
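The record-and-replay masking described above leaves a trace a defender can look for: noisy process values that start repeating exactly. The following is an added example, not code from FireEye or from the original article, that flags such a loop in the values the monitoring side receives. The 10 Hz polling rate, the function names and the sample feed are assumptions constructed for illustration.

```python
import random

SAMPLE_HZ = 10          # assumed polling rate of the monitoring software
LOOP_SECONDS = 5        # recording length reported for Irongate


def replay_run(samples, period):
    """Count trailing samples that equal the sample one period earlier."""
    run = 0
    for i in range(len(samples) - 1, period - 1, -1):
        if samples[i] != samples[i - period]:
            break
        run += 1
    return run


def detect_replay(samples, min_period, max_period, min_cycles=3, min_distinct=4):
    """Return the shortest period whose block repeats exactly at the tail of
    `samples` for at least `min_cycles` cycles, else None."""
    for period in range(min_period, max_period + 1):
        # A flat or near-flat signal repeats trivially; require real variation.
        if len(set(samples[-period:])) < min_distinct:
            continue
        # min_cycles identical blocks give (min_cycles - 1) * period matches.
        if replay_run(samples, period) >= (min_cycles - 1) * period:
            return period
    return None


def constructed_feed(replayed, seconds=30):
    """Constructed sample data: a noisy sensor value, optionally followed by
    its last LOOP_SECONDS of readings repeated four times."""
    rng = random.Random(1)
    live = [round(50.0 + rng.gauss(0, 0.5), 2) for _ in range(seconds * SAMPLE_HZ)]
    if replayed:
        window = live[-LOOP_SECONDS * SAMPLE_HZ:]
        live += window * 4
    return live


if __name__ == "__main__":
    lo, hi = 4 * SAMPLE_HZ, 6 * SAMPLE_HZ   # search for 4 s to 6 s loops
    for name, feed in (("live", constructed_feed(False)),
                       ("replayed", constructed_feed(True))):
        period = detect_replay(feed, lo, hi)
        print(name, "loop of %.1f s" % (period / SAMPLE_HZ) if period else "no loop")
```

The check is a heuristic: it relies on the signal carrying measurement noise, so coarsely quantized or genuinely cyclic process values need a longer `min_cycles` or a second, independent measurement to compare against.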