A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots.

According to Dragos researchers, the adversary seems not to be interested in disrupting industrial processes but making money.

The password-cracking software also carries a dropper that infects the machine with Sality malware, which:

- Uses process injection and file infection to achieve persistence.
- Identifies security products (AVs, firewalls) and terminates them.
- Abuses Windows’ autorun functionality to spread copies of itself over USBs, network shares, and external storage drives.
- Makes compromised hosts part of a peer-to-peer botnet that engages in password cracking and cryptocurrency mining.

Downloading password-cracking software created by an unknown, untrusted third party is rarely (if ever!) a good idea. Unfortunately, necessity often compels people to make bad decisions. Thus, industrial engineers who can’t access PLC programming software or an HMI because they don’t know the right password occasionally turn to the internet to find a tool to help them crack it.

Several websites and multiple social media accounts are touting password-cracking software for PLCs, HMIs and project files, Dragos researchers have found. These appear to be tailor-made to work on PLCs and HMIs by AutomationDirect, Omron, Siemens, ABB, Delta Automation, Fuji Electric, Mitsubishi Electric, Pro-Face, Vigor Electric, Weintek, Allen-Bradley, Panasonic, Fatek, IDEC Corp., and LG.

“Dragos only tested the DirectLogic-targeting malware. However, initial dynamic analysis of a couple of other samples indicate they also contain malware,” the researchers noted.

The password cracker they analyzed does seem to work as advertised, insofar as it is able to recover Automation Direct’s DirectLogic 06 PLC password – but not by cracking it. Instead, it exploits a vulnerability to retrieve it in cleartext format.
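
The autorun-based spreading listed among the Sality behaviours above is something a defender can check for on removable drives and network shares. The following triage helper is an added example, not code from the article or from Dragos; the function name `triage_autorun` and both sample files are constructed for illustration.

```python
import re

# Keys in an [autorun] section that make Windows launch a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# File extensions that Windows will execute directly.
EXEC_EXT = re.compile(r"\.(exe|pif|scr|com|cmd|bat|vbs|js|lnk)\b", re.I)


def triage_autorun(text):
    """Return (key, command) pairs in an autorun.inf that launch an executable.

    Parsed line by line instead of with configparser, so junk lines,
    comments and duplicate keys do not abort the parse.
    """
    findings = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other section, or padding without a key
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and EXEC_EXT.search(value):
            findings.append((key.lower(), value))
    return findings


# Constructed samples, not taken from any real infection.
SUSPICIOUS = """\
;kd83hfks junk comment
[AutoRun]
xyz garbage line without a key
open = qwfsa.pif
shell\\explore\\Command= qwfsa.pif
icon=%SystemRoot%\\system32\\shell32.dll,4
[other]
open=ignored.exe
"""
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup Drive\n"

if __name__ == "__main__":
    for key, cmd in triage_autorun(SUSPICIOUS):
        print(f"launch entry: {key} -> {cmd}")
```

A hit is a prompt to inspect the referenced file, not proof of infection: legitimate installers also ship `autorun.inf` files with `open=` entries.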