Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

"These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial loss, the U.S. Federal Bureau of Investigation (FBI) said in a post on X."
"The actors used leased, third-party hosted infrastructure with configuration software, such as Rockwell Automation's Studio 5000 Logix Designer software, to create an accepted connection to the victim's PLC."
"Upon obtaining initial access, the threat actors established command-and-control by deploying Dropbear, a Secure Shell (SSH) software, on victim endpoints to enable remote access through port 22."
Iranian cyber actors are targeting operational technology devices in U.S. critical infrastructure, particularly programmable logic controllers. These attacks have resulted in diminished functionality, data manipulation, and operational disruptions. The FBI reported that these activities are part of a broader escalation in cyber attacks linked to the ongoing conflict involving Iran. Specific targets include Rockwell Automation and Allen-Bradley PLCs in various sectors. The threat actors utilize third-party infrastructure and SSH software to gain access and manipulate data, prompting advisories for enhanced security measures.
Read at The Hacker News