ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid

"According to Dragos's technical analysis, the hackers systematically compromised communication infrastructure and remote terminal units (RTUs), devices that interface between physical equipment at distributed sites and control systems. 'Taking over these devices requires capabilities beyond simply understanding their technical flaws,' Dragos explained. 'It requires knowledge of their specific implementation. The adversaries demonstrated this by successfully compromising RTUs at approximately 30 sites, suggesting they had mapped common configurations and operational patterns to exploit systematically.'"
"The attackers gained access to operational technology (OT) systems at combined heat and power (CHP) plants and renewable energy dispatch centers for wind and solar facilities, primarily targeting grid safety and stability monitoring systems rather than active power generation. Unlike the attacks targeting Ukraine's grid in 2015 and 2016, the incident did not result in electrical outages. However, the attackers' activities resulted in some equipment at the affected sites being bricked."
Threat actors believed to be Russian compromised communication and control systems across roughly 30 distributed energy resource sites in Poland, including combined heat and power plants and wind and solar dispatch centers. Attackers accessed operational technology (OT) systems and remote terminal units (RTUs), targeting grid safety and stability monitoring systems rather than active power generation. The campaign did not cause electrical outages but resulted in permanent industrial control system damage and some equipment being bricked. Analysts linked the activity to Sandworm and a related group tracked as Electrum, and reported deployment of wiper malware. The intrusions required detailed knowledge of device implementations and common configurations.
Read at SecurityWeek