Evidence suggests that radiation sensor data from the Chernobyl exclusion area may have been manipulated during the occupation of Chernobyl by the Russian Army in February and March of 2022. Research by Ruben Santamarta indicates that the radiation levels depicted by certain real-time radiation maps did not match the actual conditions on the ground. If this manipulation was the result of a cyberattack, it raises concerns about the integrity of sensor data in industrial systems.
In another cyberattack incident, train services near the Polish city of Szczecin were brought to a halt due to interference with the rail control systems. Approximately twenty trains were stopped after the emergency radio signal was compromised. While service was restored relatively quickly, there are suspicions that Russian hacktivist groups may have been involved. Investigations are ongoing to determine the extent of the attack and its perpetrators.
Energy One, an Australian company specializing in software for energy firms, recently disclosed a cyberattack on its corporate systems. The attack, which occurred on August 18th, affected both the Australian and UK branches of the company. Energy One has taken steps to minimize the impact of the incident and has engaged with cybersecurity specialists for assistance. The investigation is ongoing to assess the extent of the attack and identify any affected systems.
At the DEF CON conference, CISA Director Jen Easterly warned of potential infrastructure attacks by Chinese threat actors should a conflict arise in the Taiwan Strait. Easterly emphasized the need to take Chinese capabilities into account and to be prepared for potential attacks on critical infrastructure. The recent joint advisory from the Five Eyes countries highlighted Chinese cyberespionage operations targeting US critical sectors, including communications, manufacturing, utility, transportation, and more. The Chinese government has denied these allegations and dismissed them as disinformation.
Microsoft recently discovered several high-severity vulnerabilities in the CODESYS industrial automation software. The vulnerabilities could potentially lead to denial-of-service attacks or remote code execution. CODESYS has worked with Microsoft to develop patches for these vulnerabilities, and organizations are advised to apply the fixes promptly. While the vulnerabilities are not easily exploitable, it is still important to address them to strengthen security.
In a separate incident, a power generator in an undisclosed southern African country fell victim to a malware attack. The attack involved the use of Cobalt Strike beacons and a new variant of the SystemBC payload. The intrusion is suspected to have been the early stage of a ransomware attack. The incident serves as a reminder of the ongoing threats to critical infrastructure and the importance of robust cybersecurity measures.
Overall, these incidents highlight the vulnerabilities and risks associated with industrial systems and critical infrastructure. It is crucial for organizations to prioritize cybersecurity and implement necessary measures to protect against potential cyber threats.