Rewterz Threat Alert – Malicious Domain Injecting JS Scripts to Steal Credit Card Data
May 13, 2019Rewterz Threat Advisory – CVE-2019-10922 – Siemens SIMATIC WinCC and SIMATIC PCS 7 Remote Code Execution Vulnerability
May 15, 2019Severity
High
Analysis Summary
“Russia and Iran are looking to conduct disruptive cyber-attacks on OT [operational technology] targets in the Middle East in a bid to disrupt industrial production.”, says FireEye, a major Security Solutions provider.
Experts are predicting that the operation will involve Triton malware that targets safety systems at industrial plants and destroys physical equipment.
State-sponsored or advanced persistent threat (APT) groups such as APT33, APT34, APT35 and APT39 are from Iran and their victims belong to every sector in the Middle East.
Recent Indicators of Compromise for the Triton malware are given below.
Impact
Disruption of Industrial processes
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)
- dc81f383624955e0c0441734f9f1dabfe03f373c
- 6c39c3f4a08d3d78f2eb973a94bd7718
- 437f135ba179959a580412e564d3107f
- b47ad4840089247b058121e95732beb82e6311d0
- 91bad86388c68f34d9a2db644f7a1e6ffd58a449
- 9c29c1ab56c939978ad6315d78571fa5
- 0face841f7b2953e7c29c064d6886523
- 1dd89871c4f8eca7a42642bf4c5ec2aa7688fd5c
- e98f4f3505f05bf90e17554fbc97bba9
- 97e785e92b416638c3a584ffbfce9f8f0434a5fd
- 288166952f934146be172f6353e9a1f5
- d6e997a4b6a54d1aeedb646731f3b0893aee4b82
- 27c69aa39024d21ea109cc9c9d944a04
- 66d39af5d61507cf7ea29e4b213f8d7dc9598bed
- f6b3a73c8c87506acda430671360ce15
- a6357a8792e68b05690a9736bc3051cba4b43227
- 4e5797312ed52d9eb80ec19848cadc95
- 2262362200aa28b0eead1348cb6fda3b6c83ae01
- 8b675db417cc8b23f4c43f3de5c83438
- 25dd6785b941ffe6085dd5b4dbded37e1077e222
Remediation
- Block the threat indicators at their respective controls.
- Keep all industrial equipment up-to-date and patched against all known vulnerabilities.