Dragos Releases Intelligence Briefing on FrostyGoop ICS Malware

Dragos has released a new intelligence brief titled "Impact of FrostyGoop ICS Malware on Connected OT Systems", summarising the operational technology threat and attack information gleaned from analysing the malware.

In April 2024, the ICS malware FrostyGoop was discovered in a publicly available malware scanning repository. FrostyGoop can target devices communicating over Modbus TCP to manipulate control, modify parameters, and send unauthorised command messages. Modbus is a commonly used protocol across all industrial sectors.

The Cyber Security Situation Center, a part of the Security Service of Ukraine, shared details with Dragos about a cyber-attack that impacted a municipal district energy company in Lviv, Ukraine, in January 2024. At the time of the attack, this facility fed over 600 apartment buildings in the Lviv metropolitan area, supplying customers with central heating. Remediation of the incident took almost two days, during which time the civilian population had to endure sub-zero temperatures. Dragos assessed that FrostyGoop and internet-exposed ICS devices facilitated this attack.

You can read the full briefing here.
