According to an analysis from Forescout Research, Vedere Labs this week, one of two previously reported attacks against the Danish energy sector in May was mistakenly attributed to Sandworm.
Mass Exploitation of CVE-2023-27881 in Zyxel Firewalls

At the time, Danish critical infrastructure security nonprofit SektorCERT noted that attackers were leveraging multiple critical vulnerabilities in Zyxel gear, including two zero-days, to isolate targets from the national grid, and that command-and-control servers known to be associated with Sandworm were involved, across two different campaigns.
After the Danish attacks, further cyberactivity targeted exposed devices within critical infrastructure worldwide for months, with Forescout researchers detecting numerous IP addresses attempting to exploit the Zyxel bug across various devices as recently as October.
The attacks could still continue: at least six different power companies in European countries use Zyxel firewalls and may remain susceptible to exploitation by malicious actors, according to Forescout.
Critical Infrastructure: Not Just a State-Sponsored Target

The fact that garden-variety opportunistic cyberattackers are getting into the ICS game should worry cyber defenders, according to John Gallagher, vice president of Viakoo Labs at Viakoo.
That trend will ironically be exacerbated by the modernization of the technology used by utilities and other critical infrastructure environments, notes Craig Jones, vice president of security operations at Ontinue.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 11 Jan 2024 22:35:15 +0000