A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs in order to turn industrial workstations into dangerous bots.
According to Dragos researchers, the adversary seems to be interested not in disrupting industrial processes but in making money. The password-cracking software also carries a dropper that infects the machine with Sality malware, which:
Several websites and multiple social media accounts are touting password-cracking software for PLCs, HMIs and project files, Dragos researchers have found. These appear to be tailor-made to work on PLCs and HMIs by AutomationDirect, Omron, Siemens, ABB, Delta Automation, Fuji Electric, Mitsubishi Electric, Pro-Face, Vigor Electric, Weintek, Allen-Bradley, Panasonic, Fatek, IDEC Corp., and LG.