For two days in mid-January, some Ukrainians in the city of Lviv had to live without central heating and endure freezing temperatures because of a cyberattack against a municipal energy company, security researchers and Ukrainian authorities have since concluded.
On Tuesday, the cybersecurity company Dragos published a report with details about a new malware dubbed FrostyGoop, which the company says is designed to target industrial control systems, in this particular case a specific type of heating system controller.
Dragos researchers wrote in their report that they first detected the malware in April. At that point, Dragos did not have more information on FrostyGoop aside from the malware sample and believed it was only used for testing. Later on, however, Ukrainian authorities warned Dragos that they had found evidence that the malware was actively used in a cyberattack in Lviv during the late evening of January 22 through January 23.
“And that led to the loss of heating to over 600 apartment buildings for almost 48 hours,” said Mark “Magpie” Graham, a researcher at Dragos, during a call briefing reporters on the report prior to its release.
A spokesperson for the Security Council of Ukraine told TechCrunch in an email that it “was involved in response measures” following the attack.
“As a result: the consequences of the cyberattack were quickly dealt with, and services were restored,” the spokesperson said in an email, which was machine translated, as it was written in Ukrainian. The spokesperson confirmed the attack happened in January 2024 and that it affected “more than 600 households in the city.” The spokesperson also said the hackers targeted “the information and communication infrastructure of LvivTeploEnergo,” which is a large provider of heat energy and hot water.
Dragos researchers Graham, Kyle O’Meara, and Carolyn Ahlers wrote in the report that “remediation of the incident took almost two days, during which time the civilian population had to endure sub-zero temperatures.”
This is the third known outage linked to cyberattacks to hit Ukrainians in recent years. While the researchers said the malware was unlikely to cause widespread outages, it shows an increased effort by malicious hackers to target critical infrastructure, like energy grids.
The FrostyGoop malware is designed to interact with industrial control systems (ICS) over Modbus, a decades-old protocol widely used across the world to control devices in industrial environments, meaning FrostyGoop could be used to target other companies and facilities anywhere, according to Dragos. Modbus/TCP carries no authentication or encryption of its own, so any host that can reach a controller on TCP port 502 can issue the same read and write commands an operator workstation would.
“There’s at least 46,000 internet-exposed ICS devices that allow Modbus today,” Graham told reporters.
Dragos said that FrostyGoop is the ninth ICS-specific malware it has encountered over the years. The most famous of these is Industroyer (also known as CrashOverride), which was used by the infamous Russian-government-linked hacking group Sandworm to turn off the lights in Kyiv and later to unplug electrical substations in Ukraine. Outside of those cyberattacks targeting Ukraine, Dragos has also seen Triton, which was deployed against a Saudi petrochemical plant and against an unknown second facility later on; and the CosmicEnergy malware, which was discovered by Mandiant last year.
Dragos researchers wrote that they believe the hackers in control of the FrostyGoop malware first gained access to the targeted municipal energy company’s network by exploiting a vulnerability in an internet-exposed MikroTik router. The researchers said the router was not “adequately segmented” from other servers and controllers, including one made by ENCO, a Taiwanese company.
Graham said in the call that they found exposed ENCO controllers in Lithuania, Ukraine, and Romania, underlining once again that while FrostyGoop was used in a targeted attack in Lviv this time, the hackers in control could aim the malware elsewhere.
ENCO and its employees did not immediately respond to TechCrunch’s request for comment.
“The adversaries did not attempt to destroy the controllers. Instead, the adversaries caused the controllers to report inaccurate measurements, resulting in the incorrect operation of the system and the loss of heating to customers,” the researchers wrote.
During the investigation, the researchers said they concluded that the hackers “possibly gained access” to the targeted network in April 2023, almost a year before deploying the malware and turning off the heat. In the following months, the hackers kept accessing the network, and on January 22, 2024, connected to the network through Moscow-based IP addresses, according to the report.
Despite the Russian IP addresses, Dragos didn’t point the finger at any known specific hacking group or government as responsible for this cyber-enabled outage, because the company couldn’t find ties to previous activities or tools, and because of the company’s longstanding policy of not attributing cyberattacks, said Graham.
What Graham did say is that he and his colleagues believe this disruptive operation was carried out over the internet, as opposed to launching missiles at the facility, likely as an effort to sabotage the morale of Ukrainians living there.
“I mean it’s very much a psychological effort here, facilitated through cyber means when kinetic perhaps here wasn’t the best option,” said Graham.
Finally, Dragos’ field chief technology officer Phil Tonkin said that while it’s important not to underplay FrostyGoop, it’s also crucial not to overhype it.
“It’s important to recognize that whilst this is something that has been actively used,” he said during the call with the press, “it’s also very, very important that we don’t think that this is something that is immediately going to bring down the nation’s power grid.”