Stuxnet-Like Virus Hits European Power Plants: Shut Down A Nation’s Grid With A Keystroke

Monday, June 30, 2014
By Paul Martin

Swati Khandelwal
GovtSlaves.com

Security researchers have uncovered a new Stuxnet-like malware named “Havex”, which was used in a number of previous cyber attacks against organizations in the energy sector.

Just like the famous Stuxnet worm, which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect the industrial control system software of SCADA and ICS systems, with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even shut down a country’s power grid with a single keystroke.

According to security firm F-Secure, which first discovered it as Backdoor:W32/Havex.A, it is a generic remote access Trojan (RAT) that has recently been used to carry out industrial espionage against a number of companies in Europe that use or develop industrial applications and machines.

SMARTY PANTS, TROJANIZED INSTALLERS

To accomplish this, besides traditional infection methods such as exploit kits and spam emails, the cybercriminals also used another effective method to spread the Havex RAT: hacking the websites of software companies and waiting for the targets to install trojanized versions of legitimate apps.

During installation, the trojanized software setup drops a file called “mbcheck.dll”, which is actually the Havex malware that the attackers use as a backdoor. “The C&C server will [then] instruct infected computers to download and execute further components,”
“We gathered and analyzed 88 variants of the Havex RAT used to gain access to, and harvest data from, networks and machines of interest. This analysis included investigation of 146 command and control (C&C) servers contacted by the variants, which in turn involved tracing around 1500 IP addresses in an attempt to identify victims.” F-Secure said.

F-Secure didn’t name the affected vendors, but an industrial machine producer and two educational organizations in France, along with companies in Germany, were targeted.
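
As an added example (not from the article or from F-Secure), the file the trojanized setup drops can be hunted for in endpoint file-creation telemetry, grouping hits by host and by the installer process that wrote the file. The log schema, host names and paths below are constructed for illustration; only the file name mbcheck.dll comes from the article.

```python
import json
from collections import defaultdict
from pathlib import PureWindowsPath

# File name the article says the trojanized setup drops during installation.
DROPPED_NAME = "mbcheck.dll"

# Constructed file-creation telemetry, one JSON object per line. The schema
# (host / process / target) is hypothetical, not any real product's format.
SAMPLE_EVENTS = r"""
{"host": "eng-ws-01", "process": "C:\\Users\\amy\\Downloads\\vendor_setup.exe", "target": "C:\\Users\\amy\\AppData\\Local\\Temp\\mbcheck.dll"}
{"host": "eng-ws-01", "process": "C:\\Users\\amy\\Downloads\\vendor_setup.exe", "target": "C:\\Program Files\\Vendor\\app.exe"}
{"host": "hmi-07", "process": "D:\\install\\Setup.EXE", "target": "C:\\Windows\\Temp\\MBCheck.DLL"}
{"host": "hmi-09", "process": "C:\\tools\\backup.exe", "target": "C:\\backup\\mbcheck.dll.bak"}
this line is truncated {"host":
"""


def find_drops(lines, name=DROPPED_NAME):
    """Return {host: sorted writer processes} for events that create `name`."""
    writers = defaultdict(set)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged log lines instead of aborting the hunt
        if not isinstance(event, dict):
            continue
        # Windows paths are case-insensitive; compare only the final path
        # component, so a name such as "mbcheck.dll.bak" does not match.
        target = PureWindowsPath(str(event.get("target", "")))
        if target.name.lower() == name:
            process = str(event.get("process", "")).lower()
            writers[event.get("host", "unknown")].add(process)
    return {host: sorted(procs) for host, procs in writers.items()}


if __name__ == "__main__":
    # A name match is a lead, not a verdict: triage the file itself and the
    # installer that wrote it (where it was downloaded from, who else ran it).
    for host, procs in find_drops(SAMPLE_EVENTS.splitlines()).items():
        print(host, "->", ", ".join(procs))
```
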
