
US, Israeli critical infrastructure subjected to attacks with novel IOCONTROL malware


BleepingComputer reports that Iranian threat actors have deployed the newly emergent IOCONTROL malware in attacks against the OT/SCADA systems and IoT devices of U.S. and Israeli critical infrastructure entities.

IOCONTROL was identified within the payment terminal of a Gasboy fuel control system believed to have been targeted by the Iranian state-backed operation CyberAv3ngers. According to an analysis by Claroty's Team82 researchers, the malware has a modular configuration and a sophisticated script that enable persistent compromise of a wide range of devices from D-Link, Hikvision, Orpak, Unitronics, Teltonika, Red Lion, Baicells, and Phoenix Contact. Beyond using DNS over HTTPS to bypass network traffic monitoring tools, IOCONTROL can execute commands that report comprehensive system data to the command-and-control server; confirm that the malware binary was installed and is executing properly; run arbitrary OS commands; delete its own binary, logs, and scripts; and scan specified IP ranges to discover additional targets, the researchers said.
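The DNS-over-HTTPS detail above is the part of this report a network defender can act on directly: an OT or IoT device that resolves names over TLS/443 never touches the port-53 traffic that most OT monitoring watches. The following is an added example, not code from Claroty, Team82 or SC Media, showing two simple heuristics run over constructed flow records. It assumes a CSV flow format (`src_ip,dst_ip,dst_port,proto,bytes`), an OT segment of `10.50.0.0/16`, and a deliberately partial list of public resolvers known to serve DoH on TCP/443; all three are assumptions to adjust for a real site.

```python
import csv
import io
import ipaddress

# Assumed, partial list of public resolvers that answer DoH on TCP/443.
KNOWN_DOH_RESOLVERS = {
    "1.1.1.1", "1.0.0.1",            # Cloudflare
    "8.8.8.8", "8.8.4.4",            # Google
    "9.9.9.9", "149.112.112.112",    # Quad9
}

# Assumed OT/IoT segment; adjust to the plant's addressing.
OT_NETWORK = ipaddress.ip_network("10.50.0.0/16")

# Constructed flow records (src_ip,dst_ip,dst_port,proto,bytes); not real telemetry.
SAMPLE_FLOWS = "\n".join([
    "src_ip,dst_ip,dst_port,proto,bytes",
    "10.50.1.20,1.1.1.1,443,tcp,2100",        # OT host talking TLS to a DoH resolver
    "10.50.1.20,203.0.113.10,443,tcp,9800",
    "10.50.1.21,10.50.0.5,53,udp,120",        # normal plaintext DNS to the site resolver
    "10.50.1.21,203.0.113.20,443,tcp,5000",
    "192.168.3.4,8.8.8.8,443,tcp,900",        # outside the OT segment; ignored
    "10.50.1.22,8.8.8.8,53,udp,90",           # plaintext DNS on port 53, not DoH
    "10.50.1.30,9.9.9.9,443,tcp,3000",        # OT host talking TLS to Quad9
])


def parse_flows(text):
    """Parse CSV flow text into a list of dicts with integer port and byte counts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dst_port"] = int(row["dst_port"])
        row["bytes"] = int(row["bytes"])
        rows.append(row)
    return rows


def find_doh_suspects(flows, ot_network=OT_NETWORK, resolvers=KNOWN_DOH_RESOLVERS):
    """Return findings for OT hosts whose name resolution appears to bypass port 53.

    Heuristic 1: TLS/443 to an IP known to serve DoH.
    Heuristic 2: outbound TLS/443 but no plaintext DNS (port 53) seen from the
    same host, which is how a DoH-only client looks to a sensor watching port 53.
    """
    findings = []
    https_hosts, dns_hosts = set(), set()
    for f in flows:
        if ipaddress.ip_address(f["src_ip"]) not in ot_network:
            continue  # only the OT segment is in scope
        if f["dst_port"] == 53:
            dns_hosts.add(f["src_ip"])
        elif f["dst_port"] == 443 and f["proto"] == "tcp":
            https_hosts.add(f["src_ip"])
            if f["dst_ip"] in resolvers:
                findings.append({"src": f["src_ip"], "dst": f["dst_ip"],
                                 "reason": "tls-to-known-doh-resolver"})
    for host in sorted(https_hosts - dns_hosts):
        findings.append({"src": host, "dst": "", "reason": "no-plaintext-dns-seen"})
    return findings


if __name__ == "__main__":
    for finding in find_doh_suspects(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

The resolver list only catches DoH to well-known public endpoints; DoH to a self-hosted or attacker-controlled server is indistinguishable from ordinary HTTPS at the flow level, which is why the second heuristic (an OT device that speaks TLS but never speaks plaintext DNS) and TLS metadata such as SNI are the more durable signals. In a segmented OT network the simplest mitigation is to allow outbound 443 only to an explicit allow-list and force all name resolution through an internal resolver that can be logged.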
