After having spent the past few months trying to get myself acquainted with the world of SCADA, it was time to look into the history of attacks it has been subject to. For the uninitiated, SCADA (Supervisory Control And Data Acquisition) is the term used for systems that control physical equipment - in industries like power plants and oil and gas pipelines; at public facilities, like metal detectors at airports; and even in private facilities, e.g. to control or monitor processes like heating, ventilation and energy consumption. The...
by Ruchna Nigam  |  Feb 12, 2015  |  Filed in: Security Research
Following a post by F-Secure this June bringing to light a variant of the Havex malware family targeting ICS/SCADA systems, there has been much speculation regarding the motives behind this malware campaign. That makes it only the second known malware family directly targeting SCADA equipment, after the infamous Stuxnet that reportedly set back Iran's nuclear program by 2 years. Symantec has called the attackers DragonFly, while CrowdStrike refers to them as Energetic Bear in their 2013 Threat Report. Overall, there are two components of the...
by Ruchna Nigam  |  Jul 15, 2014  |  Filed in: Security Research
During the investigation of the Havex Trojan, I was able to find more Havex module downloader variants. Currently, there are around 68 versions. In this blog, I'll give a brief history of how the Havex module downloader evolved. Below is the list of the different versions over time, starting from 2011. Even though there are many different versions, the significant changes appear only in specific versions. Next, I'll go through those important versions one by one to shed light on how it evolves. 2011-09-28 Version 0x01 I believed...
by Kyle Yang  |  Jul 09, 2014  |  Filed in: Security Research
Tags: havex